Cloud Security Engineer in Hereford

Security Clearance Requirement: Active SC Clearance

Company Overview: My client supports organisations in transforming large and complex multi-modal datasets into information-rich geospatial data subscriptions, enabling a broad range of use cases. They specialise in delivering high-fidelity data solutions that allow customers to generate insights quickly and effectively. They are a fast-paced, high-performing organisation that values diversity and inclusion, recognising that different perspectives drive stronger results. The team is trusted with a high level of autonomy, fostering ownership, innovation, and job satisfaction. With a mission-led mindset and entrepreneurial approach, they are building advanced capabilities to unlock the value of large-scale data and contribute to a safer, stronger, and more prosperous world.

Team Overview: The team consists of technologists, data scientists, and analysts with backgrounds in operational intelligence, law enforcement, cybersecurity, and large multinational organisations. They are focused on developing products that transform how global organisations, governments, and non-profits defend against external threats and adversaries.

Position Overview: My client is seeking a proactive and motivated Cloud Security Engineer with a strong focus on Microsoft Azure security to join a growing team. This role would suit a security engineer or SecOps professional who understands the importance of maintaining highly secure environments and is keen to work across cloud, endpoint, and infrastructure domains. While the primary focus is Azure security engineering, experience with hardware and traditional infrastructure security would be advantageous.

Team Principles: The team operates best when they:

• Remain curious and passionate about their work
• Communicate clearly, directly, and transparently
• Follow a “measure twice, cut once” approach
• Embrace diverse ideas and technologies
• Lead with empathy in all interactions

Responsibilities:

• Security Engineering & Automation: Design, build, and maintain security automation and tooling to enforce controls and support compliance. Implement and manage identity and access management controls across cloud platforms and applications. Write and review Infrastructure as Code (Bicep/Terraform) to ensure secure configurations. Implement preventative and detective controls within Azure, including automated remediation. Secure CI/CD pipelines, integrating SAST, DAST, and SCA tooling to maintain supply chain integrity. Engineer Kubernetes security solutions, including RBAC, network policies, and runtime protection.
• Detection, Monitoring & Incident Response: Perform incident response activities including triage, containment, eradication, and recovery. Develop and optimise security detections (e.g. Sentinel, KQL, YARA). Manage logging, ingestion pipelines, and monitoring infrastructure. Conduct threat hunting and analysis to identify emerging risks. Lead or support incident investigations, including post-incident reviews and remediation.
• Vulnerability & Risk Management: Identify, track, and remediate vulnerabilities across cloud, endpoint, and infrastructure environments. Implement controls arising from security assessments, audits, and architecture reviews. Support third-party risk assessments and vendor due diligence.
• Governance, Documentation & Projects: Maintain security documentation, including standards, runbooks, and procedures. Contribute to and lead security-focused projects and implementations.

Required Experience:

• 3+ years’ experience in security engineering or security operations, ideally in cloud-first environments
• Strong understanding of cloud security architecture with hands-on experience securing cloud services
• Experience with the Azure security ecosystem, including Microsoft Defender for Cloud, Azure Policy, and related tooling
• Experience with SIEM platforms (Azure Sentinel preferred), including detection development, alert tuning, and incident investigation
• Proven incident response experience across the full lifecycle
• Experience integrating security into development and engineering workflows
• Familiarity with endpoint security solutions and MDM/EMM tools
• Experience securing containerised environments (e.g. Kubernetes) and CI/CD pipelines
• Scripting and automation experience (e.g. PowerShell, Python, KQL, Bicep)
• Strong networking and infrastructure security knowledge (protocols, firewalls, IDS/IPS, WAFs, hardening)
• Familiarity with incident response frameworks (e.g. NIST, SANS)
• Experience with cloud-native logging, monitoring, and detection tools
• Strong understanding of modern threat landscapes and frameworks (e.g. OWASP Top 10, MITRE ATT&CK)