Cloud Security Engineer (AWS)

at Health Innovation East Eastern AHSN

Cambridge CB22, England, United Kingdom

Start Date: Immediate
Expiry Date: 19 Sep, 2024
Salary: GBP 69164 Annual
Posted On: 20 Jun, 2024
Experience: N/A
Skills: Infrastructure, Security Tools, Kanban, Sdks, Training, Participation, Linux, Vulnerability Management, Rest, Penetration Testing, Software Development Methodologies, Static Analysis, Encryption, Shell Scripting, Cyber Security, Security Testing
Telecommute: No
Sponsor Visa: No

Description:

DESIRABLE REQUIREMENTS

Qualifications and training
AWS Cloud Practitioner certification (or higher)
Industry recognised qualification in Cyber Security
Knowledge
Awareness of modern cryptography and its application for encryption in-transit, encryption at-rest, hashing and digital signatures
Skills
Excellent spoken and written communication
Able to convey security issues to technical and non-technical people.
Confident working in a collaborative team.
Comfortable prioritising and managing workload
Experience working with agile software development methodologies (e.g. Scrum or Kanban).
AWS Security Specialty Certification.
Awareness of security practices such as threat modelling and penetration testing.
Awareness of integrating application security tools (e.g. static analysis, dynamic analysis etc.) into the SSDLC.
Participation in the cyber security community (e.g. OWASP, HackTheBox, CTFs etc.).
Experience
Demonstrable experience of git tooling, branching, tagging and release methods.
Demonstrable experience of production grade Python and Linux shell scripting.
Demonstrable experience of Infrastructure as Code development (Terraform, Ansible, ideally python-CDK).
Experience of AWS Cloud platform and AWS security best practices and use of AWS CLI & SDKs.
Evidence of direct experience working with web application security defence toolkits (e.g. OWASP Top 10).
Experience of vulnerability management and application security testing

Responsibilities:

JOB SUMMARY AND PURPOSE

As a Cloud Security Engineer, you will work closely with the wider Health Informatics function to design and implement secure environments for health data research on AWS. You will work within a multidisciplinary Agile team focusing on implementing DevSecOps throughout the development lifecycle of projects. This will include automating security monitoring and reporting (secret scanning, application/container scanning etc.) and introducing or enhancing security practices (e.g. vulnerability management and threat modelling) to new and existing projects. This role is charged with actively seeking out, designing, prioritising, implementing and improving the security posture of all layers of the stack on an ongoing basis. Additionally, the role covers maintenance and improvement of security scanning and automation pipelines to ensure tooling can be consumed by the wider team as part of ongoing development activities. The post holder will act as both a subject matter expert and hands-on engineer in cloud security, increasing cyber security awareness within the team by sharing knowledge on threats and vulnerabilities, and identifying and implementing proportionate security controls.
A significant portion of this role will be supporting the East of England Secure Data Environment (SDE). The SDE is part of an interoperable NHS Research Secure Data Environment network, giving approved researchers secure access to de-identified NHS healthcare data for approved projects.

KEY RESPONSIBILITIES

  • Work as an integral member of the cloud platform team to plan, prioritise, recommend and implement security requirements as part of the secure software development lifecycle (SSDLC).
  • Recommending and implementing security best practices for cloud platforms and automating compliance with cloud security baselines (e.g. CIS Benchmarks).
  • Implementation of automated security tooling (e.g. within a Continuous Integration (CI) pipeline) to validate security requirements and identify potential issues.
  • Reviewing the outputs from security tools and security practices. You will filter and prioritise these into security stories that can be understood and actioned by the delivery teams.
  • Verifying the implementation of security principles, architectural patterns, and requirements.
  • Driving the adoption of cyber security practices (e.g. vulnerability management, threat modelling etc.) within Agile delivery teams.
  • Supporting wider cloud platform design and development activities.

CORPORATE AND PERSONAL RESPONSIBILITIES

  • Promote equal opportunities and affirm that staff, colleagues, patients, and others who encounter Health Innovation East are afforded equality of access, experience and outcomes.
  • Observe Health Innovation East’s equity, diversity and inclusion pledges in every aspect of your work, avoiding any behaviour which discriminates against colleagues, potential employees, patients, or partners on any grounds.
  • Uphold and promote the organisation’s values.
  • Work flexibly and collaboratively with others to achieve the organisation’s goals and support its values.
  • Support the organisation in creating an environment that values risk management and promotes the highest standards of health and safety for Health Innovation East’s employees, supported by policies and procedures as appropriate.
  • Ensure up to date knowledge is maintained and comply with current data protection laws and company data protection and confidentiality policies and procedures.
  • Ensure that we only operate within our remit of not offering clinical advice.
  • Adhere to all company policies and procedures and any applicable legislation.

Personal development responsibilities

  • Understanding and awareness of own personal development needs
  • Maintenance of a compliant professional portfolio where required

External - in addition, the successful appointee will need to develop and build relationships with external colleagues as relevant to the role. These may include, but are not limited to, relationships with colleagues within partner organisations such as:

  • Industry partners including SMEs and large corporates within the health arena.
  • Academic partners in Higher Education Institutes and Tech Transfer Offices.
  • Funding/investment organisations.
  • Applied Research Collaboration (ARC) East of England colleagues.
  • NHS Trusts and NHS Foundation Trusts.
  • Local Government.
  • Integrated Care System and Integrated Care Boards.
  • Third Sector Organisations.
  • Patient Advisory Groups/Services


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Proficient

1

Cambridge CB22, United Kingdom