At a Glance
- Tasks: Champion cloud security integration and manage security posture across development teams.
- Company: Leading tech firm focused on innovative cloud solutions.
- Benefits: Competitive salary, flexible working, and opportunities for professional growth.
- Other info: Exciting projects with potential for career advancement.
- Why this job: Join a dynamic team to shape the future of cloud security.
- Qualifications: Experience in application security and strong cloud networking skills.
The predicted salary is between 60000 - 80000 Β£ per year.
Responsibilities
- Champion integration of security testing into CI/CD pipelines across all development teams and usage of automated security gates: SAST, DAST, dependency scanning, secrets detection.
- Enable self-serve security tooling for development teams.
- Ability to set up development environment.
- Own cloud security posture management using Wiz (or similar CSPM).
- Define and enforce cloud security baselines, guardrails, and policies in AWS.
- Implement and maintain IaC security scanning for Terraform.
- Manage IAM policies, network segmentation, and secrets management.
- Configure and tune SIEM (or similar) for cloud-focused detection.
- Establish logging, monitoring, and alerting requirements based on threat modelling.
- Investigate and respond to cloud security events.
- Identify, articulate, and escalate security risks to senior leadership with mitigation plans.
- Track and remediate vulnerabilities across infrastructure.
- Manage customer initiatives related to due diligence when required.
- Support and develop annual programme of Penetration Testing and associated remediations.
- Partner with internal and stakeholder management to support any requirements from the security function - particularly governance and accreditation requirements across different countries.
- Provide expertise on emerging threats and vulnerabilities.
- Support response to customer/client due diligence requests with timely and accurate information regarding vulnerability exposure.
Requirements
- Proven experience in application security, DevSecOps, or cloud security.
- Strong understanding of cloud networking.
- Experience securing cloud environments (AWS, Azure).
- Ability to read and write IAC (Terraform) code, comfortable with IAC lifecycles.
- Familiarity with container security and Kubernetes.
- Understanding of secure coding, penetration testing techniques, SIEM, and vulnerability management.
- Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, network security and risk analysis.
- Understanding of managing Secure Development Lifecycle and Vulnerability Management.
- Understanding and practical experience of ISO27001:2022 controls and audit processes.
We think you need these skills to ace Senior Cloud Security Engineer, London/Bristol
Cloud Security
CI/CD Integration
Automated Security Gates
CSPM (Wiz or similar)
AWS Security Baselines
IaC Security Scanning (Terraform)
IAM Policies Management