At a Glance
- Tasks: Take charge of AWS security and vulnerability remediation in a hands-on role.
- Company: Join a tech-driven organisation focused on data and digital platforms.
- Benefits: Competitive pay, hybrid work model, and opportunities for professional growth.
- Why this job: Make a real impact by enhancing cloud security and collaborating with talented teams.
- Qualifications: Deep AWS security expertise and experience in DevSecOps practices required.
- Other info: Dynamic environment with a focus on innovation and career advancement.
The predicted salary is between 48000 - 72000 £ per year.
We are partnering with a technology‑led organization operating at scale in the data and digital platforms space, seeking an AWS Security & Vulnerability Remediation Engineer to support a focused cloud security improvement program. This is a hands‑on delivery role for a security engineer with deep AWS expertise who enjoys working directly with developers and platform teams to remediate real vulnerabilities in cloud environments, applications, and delivery pipelines.
The successful contractor will take ownership of end‑to‑end remediation of AWS and workload vulnerabilities, working closely with developers, data engineers, and an internal AWS Security Lead. The role combines strong AWS security fundamentals with practical DevSecOps and vulnerability management experience. AWS security is the primary technical focus; the ability to embed security into engineering workflows and drive findings through to closure is essential.
Key Responsibilities
- Own the full lifecycle of AWS and workload vulnerability remediation: validation, impact assessment, prioritisation, remediation, and closure.
- Partner with development and data teams to implement secure fixes across:
  - Application code
  - Infrastructure as Code (IaC)
  - Containers and serverless workloads
  - Operating systems and third‑party packages
- Embed security into CI/CD pipelines and the SDLC, including shift‑left reviews and pipeline guardrails.
- Provide secure coding guidance, dependency management recommendations, and remediation patterns.
- Improve and automate vulnerability management processes (scanning coverage, SLAs, exceptions, evidence capture).
- Configure, tune, and operate AWS‑native security services including:
  - GuardDuty
  - Security Hub
  - Inspector
  - AWS Config
  - IAM Access Analyzer
- Produce clear remediation guidance, runbooks, and dashboards for technical and non‑technical stakeholders.
- Track remediation progress and demonstrate measurable risk reduction.
- Support incident response and post‑remediation validation for high‑risk or exploited findings.
Required Skills & Experience
- AWS & Cloud Security (Essential)
- Deep, hands‑on AWS security experience across:
  - IAM, networking, compute, storage, serverless, and managed data services.
  - Least‑privilege IAM, roles, permission boundaries, SCPs, and access reviews.
  - VPC segmentation, security groups, NACLs, private endpoints, WAF/Shield.
  - Encryption in transit and at rest using KMS, TLS, and secrets management.
  - Centralised logging and monitoring (CloudTrail, CloudWatch, Config, SIEM patterns).
  - AWS‑native threat detection and posture management.
- Strong understanding of modern SDLC, CI/CD, and DevSecOps practices.
- Demonstrable experience managing the full vulnerability lifecycle:
  - Triage and validation.
  - Risk‑based prioritisation (CVSS, EPSS, KEV).
  - Remediation and verification.
  - Reporting and evidence.
- OS and package CVEs.
- Container images.
- Third‑party libraries.
- Serverless runtimes.
- Cloud misconfigurations.
- Infrastructure as Code: Terraform and/or CloudFormation.
- Scripting and automation using Python, Bash, or similar.
- Container and serverless security exposure (ECR, ECS/EKS, Lambda).
- Experience with vulnerability and scanning tools such as:
  - AWS Inspector / Security Hub.
  - Snyk, Trivy, Dependabot.
  - Prisma, Qualys, Tenable (or equivalents).
Nice to Have
- AWS certifications (Security Specialty, Solutions Architect, or equivalent).
- Experience securing data platforms on AWS (Glue, EMR, Redshift, Athena, RDS, OpenSearch, MSK).
- Secure coding knowledge in Python, Node.js, Java, or core development stack.
- Experience with policy‑as‑code and automated control enforcement (OPA, Conftest, tfsec, Checkov).
Personal Attributes
- Highly collaborative and pragmatic; comfortable working directly with engineers.
- Strong risk judgement and ability to balance security with delivery impact.
- Clear communicator, able to write concise remediation guidance and status updates.
- Ownership mindset — you drive remediation through to completion, not just identification.
AWS Security Engineer employer: Futureheads
Contact Detail:
Futureheads Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land AWS Security Engineer
✨Tip Number 1
Network, network, network! Get out there and connect with people in the industry. Attend meetups, webinars, or even just grab a coffee with someone who works in AWS security. You never know who might have a lead on your next opportunity!
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your AWS security projects. This is a great way to demonstrate your hands-on experience and problem-solving abilities to potential employers.
✨Tip Number 3
Prepare for interviews by brushing up on common AWS security scenarios. Be ready to discuss how you would handle specific vulnerabilities or implement security controls. Practice makes perfect, so consider doing mock interviews with friends or mentors.
✨Tip Number 4
Don’t forget to apply through our website! We’ve got loads of opportunities that might be perfect for you. Plus, applying directly can sometimes give you an edge over other candidates.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your AWS security experience and aligns with the key responsibilities mentioned in the job description. We want to see how your skills match up with what we're looking for!
Craft a Compelling Cover Letter: Use your cover letter to tell us why you're the perfect fit for this role. Share specific examples of your hands-on experience with AWS security and how you've tackled vulnerabilities in the past. We love a good story!
Show Off Your Technical Skills: Don’t hold back on showcasing your technical expertise! Mention your experience with tools like AWS Inspector, Security Hub, and any scripting languages you’re comfortable with. We’re keen to see how you can contribute to our team.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates. Let’s get started on this journey together!
How to prepare for a job interview at Futureheads
✨Know Your AWS Security Fundamentals
Make sure you brush up on your AWS security knowledge, especially around IAM, networking, and the Well-Architected Security Pillar. Be ready to discuss how you've implemented security controls in past projects, as this will show your hands-on experience.
✨Demonstrate Your DevSecOps Experience
Prepare to talk about your experience with CI/CD pipelines and how you've embedded security into the software development lifecycle. Share specific examples of how you've managed vulnerabilities and worked with developers to implement secure fixes.
✨Showcase Your Problem-Solving Skills
Be ready to discuss real-world scenarios where you've triaged and remediated vulnerabilities. Highlight your ability to translate complex security findings into actionable tasks for engineering teams, as this is crucial for the role.
✨Communicate Clearly and Confidently
Practice explaining technical concepts in a way that non-technical stakeholders can understand. Clear communication is key, so prepare to present your remediation strategies and progress updates succinctly during the interview.