Job Title: Cloud Security Engineer
Location: London (hybrid)
Industry: Healthcare
About the Role:
Our client is evolving from a Cloud Infrastructure team to a Platform Engineering team to better support their expanding business. Their mission is to empower Product teams to deliver value quickly, reliably, and securely by focusing on four key areas: Cloud Infrastructure, Networking & Security, Engineering Productivity, and Resilience & Reliability.
As a Cloud Security Engineer, you’ll play a critical role in safeguarding the client’s digital assets, with a primary focus on Application and Platform security. You’ll collaborate closely with Engineering teams to enhance security knowledge and awareness across the business, advocate for best practices, and lead by example.
You’ll work with technologies such as Azure App Services and Container Apps, guiding teams in adopting secure practices and implementing effective solutions.
Key Responsibilities:
Application Security
- Manage vulnerability and threat mitigation, working closely with Developers to enhance code security and ensure compliance with security policies.
- Support penetration testing efforts, internal audits, and automated scans (SCA, SAST, DAST).
- Collaborate across DevSecOps to improve automation, observability, and resilience, focusing on SDLC security.
- Regularly assess and enhance the security posture of network, system, and cloud environments by identifying risks and implementing mitigation strategies.
- Monitor and maintain security services and infrastructure, building dashboards and alerts for proactive action.
- Support cloud-native infrastructure services, addressing security concerns, and ensuring compliance with standards like CE+, DSPT Toolkit, and ISO 27001.
- Continuously improve security policies, processes, and infrastructure.
- Advocate for secure infrastructure and coding best practices, raising awareness through guilds, training, and presentations.
- Stay updated on industry changes, adapting best practices to meet the client’s evolving needs.
- Lead security assessments, support policy development, and oversee the implementation of security controls to protect critical assets.
Must Haves:
- Extensive hands-on experience in application and cloud security, especially in Azure, with a solid understanding of cyber security principles.
- Strong expertise in secure coding practices, tools like Snyk, OWASP Dependency-Track, and SonarCloud, and addressing OWASP Top 10 vulnerabilities.
- Proficiency in cloud networking infrastructure: Application Gateways, VNets, Firewalls, and Private Endpoints.
- Experience implementing secure cloud infrastructure solutions, including PaaS and IaaS, and familiarity with tools like Qualys, Sentinel, and Defender.
- Knowledge of frameworks like ISO 27001, NIST, and CIS, and experience ensuring compliance with these standards.
- Hands-on experience with investigation tools, threat modelling, SIEM, and SOAR.
- Excellent communication skills, able to explain complex security concepts to technical and non-technical stakeholders.
- An innovative mindset, with a willingness to challenge the status quo.
- Expertise in secure cloud infrastructure using Infrastructure as Code (IaC) with tools like Bicep and Terraform.
- Contributions to security awareness training programs for developers.
- Experience working in Agile environments, including Scrum and Kanban methodologies.
- Background in small but growing start-up environments.
