Cloud Security Engineer in Salford

Finova is the UK’s largest financial services technology provider, supporting one in every five mortgages nationwide. Our agile, cloud-native solutions enable over 60 banks, building societies, specialist lenders, equity release providers and a network of 2,400+ brokers to stay ahead in a competitive market. Built on open architecture and backed by deep industry expertise, our platform is designed to scale. Each year, we process over £50 billion in loans, manage nearly £50 billion in savings, and support the digital servicing of more than 650,000 UK borrower accounts. Be part of a team that’s driving innovation, enabling growth and shaping the future of UK lending.

We’re looking for a Cloud Security Engineer to own the security posture of our multi-cloud SaaS fintech platform across AWS, Azure, and GCP. This is a hands-on, hybrid role. You’ll review Terraform pull requests, tune CSPM rules, and trace misconfigured storage buckets across multiple accounts to close gaps by day’s end.

Must-Have Experience

• Professional Experience: 4–6 years in cloud security, security engineering, or security-focused platform engineering, with hands-on production experience in regulated environments.
• Multi-Cloud Mastery: Hands-on experience securing at least two of AWS, Azure, and GCP in production, and working familiarity with all three.
• Infrastructure-as-Code: Deep experience with IaC security, primarily utilizing Terraform, plus at least one of Bicep, ARM, CloudFormation, or Pulumi, alongside their associated policy-as-code tooling.
• Cloud-Native Security Services: Practical knowledge of tools like Defender for Cloud, AWS Security Hub / GuardDuty / Macie / Inspector, and GCP Security Command Center / Chronicle.
• Container Security: Practical experience with Kubernetes security and container supply-chain security.
• Guardrails as Code: Experience defining and operating cloud guardrails as code.
• Network & Core Security: Solid understanding of cloud network security patterns and secrets management.
• SecOps & Multi-Tenancy: Familiarity with cloud detection engineering and an understanding of how cloud-layer choices dictate real SaaS tenant isolation.
• Consultative Delivery: Experience working as a delivery engineer or consultant for a vendor or consultancy.
• Communication: Clear communicator capable of explaining a cloud risk to various stakeholders.

Nice-to-Have Experience

• Experience working within fintech, payments, banking, or insurance environments.
• Hands-on experience securing AI/ML cloud infrastructure.
• Experience with CNAPP / CIEM platforms.
• Familiarity with eBPF-based runtime security tooling.
• Experience with FedRAMP, ISO 27001, or other formal compliance regimes.
• Relevant industry certifications.
• Strong scripting skills for automation, custom tooling, and detection engineering.
• Background in offensive cloud security.

What will you be doing?

• Infrastructure-as-Code (IaC) Security & Shift-Left
• Network, Workload Security & Data Protection
• Detection, Response & Cloud SecOps
• AI & ML Infrastructure Security
• Compliance, Evidence & Enablement

What We Offer

• Multi-Cloud Posture & CSPM
• Tooling & Baselines: Own and tune CSPM tooling across AWS, Azure, and GCP.
• Remediation & Inventory: Partner with platform teams to fix underlying misconfiguration patterns.
• Pipeline Integration: Embed security scanners into IaC pipelines.
• Guardrails & Design: Define production-grade guardrails as code.
• Network & Edge: Design secure multi-cloud architectures.
• Containers & Serverless: Harden Kubernetes, container supply chains, and serverless workloads.
• Data & Secrets: Enforce cross-cloud encryption and hardened secrets infrastructure.
• Standards: Establish cryptographic baselines and implement continuous discovery controls.
• Detection Engineering: Build and tune detections using cloud audit logs.
• Incident Response: Own the cloud IR lifecycle.
• Asset Hardening: Define the cloud security model for AI/ML pipelines.
• Isolation & Standards: Design strict multi-tenant isolation.
• Continuous Compliance: Automate continuous evidence collection.
• Engineering Enablement: Provide clear standards and deep cloud expertise.

Hybrid working: Work in a hybrid way that suits you.

Private medical insurance: Comprehensive health cover.

Life assurance & income protection: We provide life assurance and income protection.

Family friendly policies: Our enhanced family-friendly policy goes beyond maternity and paternity leave.

Work from anywhere: With approval, Finova employees can work abroad for up to 4 weeks each year.

Flexible holiday package: Enjoy 25 days paid holiday allowance, plus all public holidays.

We value diversity and are committed to creating an inclusive environment for all employees.