AWS Security Engineer

Harvey Nash are supporting a client seeking an experienced AWS Security Engineer to join their IT Infrastructure and Cyber function. This is a lead role in designing, implementing, and optimising AWS security controls across a multi-account cloud environment. This role requires a strong blend of hands-on AWS security engineering and strategic design capability, supporting secure cloud adoption and ongoing platform maturity.

Key Responsibilities

• Design secure AWS architectures, including IAM strategy, access models, logging, monitoring, and compliance controls
• Define secure hosting approaches across EC2, containerised workloads, and supporting services
• Establish and enhance identity and access management frameworks, including RBAC and least-privilege models
• Implement centralised logging, monitoring, and threat detection using AWS-native tooling (e.g. CloudTrail, GuardDuty, Security Hub)
• Embed security controls into CI/CD pipelines, including automated vulnerability scanning and release governance
• Design and deliver automated patching solutions using AWS Systems Manager
• Support threat detection and response automation, reducing reliance on manual processes
• Assess and optimise use of AWS-native security services, avoiding duplication and improving efficiency
• Ensure visibility of assets, dependencies, and vulnerabilities across the estate
• Contribute to secure, resilient multi-account architecture design aligned to AWS best practices
• Work within a centrally governed AWS environment, engaging with platform teams on SCPs, guardrails, and policy controls
• Produce clear security documentation, standards, and guidance, while supporting knowledge transfer across teams

Key Requirements

• Proven experience (3+ years) in a senior AWS security engineering role
• Deep hands-on expertise across AWS services including IAM, VPC, EC2, S3, CloudWatch, CloudTrail, Config, GuardDuty, and Security Hub
• Strong experience designing fine-grained IAM models across multi-account environments
• Expertise integrating AWS with enterprise identity providers (e.g. Okta, SSO, RBAC)
• Experience implementing logging, monitoring, and audit frameworks for security and compliance
• Strong understanding of vulnerability management, secure application practices, and patching strategies
• Experience embedding security within CI/CD pipelines and DevSecOps practices
• Knowledge of AWS Systems Manager, Inspector, and Config for operational security and compliance
• Ability to identify and mitigate risks relating to sensitive infrastructure exposure and IAM metadata
• Strong problem-solving and stakeholder engagement skills within complex cloud environments

Desirable Experience

• AWS certifications (Security Specialty, Solutions Architect, DevOps Engineer)
• Experience with Terraform or other Infrastructure as Code tooling
• Exposure to public sector environments and constraints
• Understanding of modern development frameworks and API technologies (REST/SOAP, API Gateway)

Please note that you must be eligible for BPSS clearance to commence this post.