Cloud Security Engineer

We’re looking for a Cloud Security & Governance Engineer who can design, automate, and enforce cloud controls at scale. If you enjoy building policy-as-code frameworks, enabling shift-left security, and strengthening cloud governance across complex environments, this role is for you.

The Role

You’ll own the design and implementation of organization-wide cloud controls across AWS and Azure. You’ll work closely with DevOps, Security, Risk, and Compliance teams to embed secure-by-default practices and ensure continuous adherence to security and regulatory requirements. This is a hands-on engineering role where you’ll build automation, develop policy frameworks, and help teams remediate issues efficiently.

Key Responsibilities
  • Design, implement, and manage organization-wide cloud controls using Azure Policies, AWS Organizations, SCPs, Config Rules, and Cloud Custodian
  • Architect and enforce Zero Trust and least-privilege models (RBAC, PBAC), region restrictions, and platform security controls
  • Collaborate with DevOps/Cybersecurity teams to resolve non-compliant cloud resources
  • Monitor control effectiveness and drive continuous improvement of cloud governance
  • Provide technical leadership and mentor teams on cloud policy best practices
  • Work with risk, compliance, and audit teams to produce control evidence
  • Implement and manage CNAP policies using Wiz for posture assessment and remediation
  • Embed security early by integrating vulnerability scanning, IaC policy enforcement, and compliance checks into GitLab CI/CD
  • Develop policy-as-code frameworks using OPA/Rego to prevent misconfigurations pre-deployment
  • Integrate security controls into Terraform and other IaC workflows
  • Champion shift-left practices—enabling developers to self-remediate issues during build and coding stages
  • Build SOAR playbooks to automate response and remediation workflows
Experience Requirements
  • 3+ years in Cybersecurity and CNAP-focused roles
  • Deep AWS security expertise: IAM, Organizations, SCPs, cloud security architecture
  • Hands-on experience with Cloud Custodian or similar policy automation tools
  • Proficiency with Terraform or AWS CloudFormation
  • Strong understanding of cloud compliance frameworks (CIS, NIST, ISO, etc.)
  • Expertise in OPA/Rego for policy-as-code
  • Experience with Wiz CNAP for cloud security posture management
  • Advanced Python scripting for automation and remediation workflows
  • Experience driving DevSecOps automation and shift-left security adoption
  • Strong collaboration skills across engineering and CISO/leadership teams
Apply Now
Apply Now

Job Details

Company
Lynx Recruitment Ltd
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£60,000 - £80,000 per annum
Posted