Security Engineer at Zaelab
Remote, Oregon, USA
Full Time


Start Date

Immediate

Expiry Date

07 Nov, 25

Salary

0.0

Posted On

08 Aug, 25

Experience

7 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Security Engineering

Industry

Information Technology/IT

Description

As a Security Engineer, you will own end-to-end security across multiple enterprise and mid-market cloud projects. Your initial mission is to embed automated controls and best practices into every AWS- and Azure-based delivery, shifting the organisation from reactive fixes to a proactive security posture. Reporting directly to the Director of Engineering, Cloud, you will partner daily with Technology, Cloud, Engineering and Account-Management teams and act as a client-facing security authority - able to brief both technical staff and C-level executives.

Your Responsibilities

  • Design, implement and enforce comprehensive Secure SDLC processes, integrating automated security controls, threat modeling, secure coding standards, and continuous security testing throughout the entire development lifecycle.
  • Develop, document and enforce security policies in our Confluence-based knowledge base and project DMS.
  • Harden multi-account AWS and Azure estates (EC2, S3, IAM, VPC, CloudTrail, CloudFront; Virtual Machines, Storage Accounts, Key Vault, NSG, Policy, Monitor).
  • Deploy and tune SIEM/log-management platforms (Splunk, ELK, Microsoft Sentinel); craft queries and dashboards that surface actionable threats.
  • Run scheduled and continuous vulnerability scans (Qualys, Rapid7, Defender), interpret results and drive remediation with Engineering.
  • Configure and manage security edge controls—firewalls, WAFs (Akamai, AWS/Azure WAF) and IDS/IPS—tailored to each client’s risk profile.
  • Integrate SCA (Trivy, Grype, Snyk) and DAST (OWASP ZAP) tooling into build pipelines; champion secure-by-design coding practices.
  • Lead security architecture reviews and threat-model sessions with cross-functional, multi-country delivery teams.
  • Present findings, roadmaps and risk mitigation strategies directly to enterprise clients, translating technical issues into clear business impact.
  • Continuously evaluate emerging threats, Zero-Trust patterns and supply-chain risks; recommend tooling and process improvements that keep us ahead of third-party scans.

Requirements

  • 7+ years of hands-on security engineering in cloud-native, agile environments.
  • Expert knowledge of core AWS and Azure services and how to secure them at scale.
  • Proven SIEM experience—log ingestion, correlation rule creation and dashboarding.
  • Deep understanding of vulnerability management tools and remediation cycles.
  • Practical experience with WAF/IDS/IPS configuration, network protocols (TCP/IP, DNS, HTTP) and Zero-Trust/IAM best practices (AD, Azure AD, Okta).
  • Comfort operating as a solo security function: you set the standards, choose the tools (budget approved) and drive adoption company-wide.
  • Consultative mindset with excellent written and verbal English; able to brief board-level stakeholders and guide client teams through complex security topics.