Work as part of the Infrastructure team defining and improving our general security posture across legacy and green field resources including data, applications and networks
Provide point of expertise on application, data and network security to our wider engineering teams
engaging with them in order to ensure consistent adoption of security policies and best practice
Participate in the automation of software to our cloud platform and embed security into our methodology, embracing DevSecOps
Improve our monitoring and alerting systems to enhance them with specific and relevant security data points
Participate in an on-call rotation and assist with troubleshooting issues that arise
Defining and implementing a Security Incident Response process/policy with regular evolvement, testing and adherence

Three years or more experience in Cloud Infrastructure roles (predominantly AWS) working within teams that practice DevSecOps
Ability to interact comfortably with AWS via CLI and/or API
Proficient in managing Infrastructure exclusively with Terraform
Specific expertise in threat assessment, attack surface management, data security, the network stack at L4 and L7, DNS, VPC security, IGW, WAF and CloudFront
Experience designing and managing IAM policies, roles and trust policies
Good knowledge of most of VPN, MFA, SAML, OAuth2, KMS and TLS
Good knowledge of some IdP (Okta, OneLogin, Auth0) frameworks and integrations
Experience building and running Docker images/containers securely, including container orchestration security
Experience of code security audit, static and dynamic analysis, defensive programming techniques and visualisation and measurement of security KPIs
Expertise in at least one scripting or programming language (Python, Bash, Ruby, Node, Golang, Java)

Senior Cloud Security Engineer

Key skills