Cloud Security Engineer

Lynx are looking for a Cloud Security Engineer who can design, automate, and enforce cloud controls at scale. If you enjoy building policy-as-code frameworks, enabling shift-left security, and strengthening cloud governance across complex environments, this role is for you.

The Role

You'll own the design and implementation of organization-wide cloud controls across AWS and Azure. You'll work closely with DevOps, Security, Risk, and Compliance teams to embed secure-by-default practices and ensure continuous adherence to security and regulatory requirements. This is a hands-on engineering role where you'll build automation, develop policy frameworks, and help teams remediate issues efficiently.

Key Responsibilities

  • Design, implement, and manage organization-wide cloud controls using Azure Policies, AWS Organizations, SCPs, Config Rules, and Cloud Custodian

  • Architect and enforce Zero Trust and least-privilege models (RBAC, PBAC), region restrictions, and platform security controls

  • Collaborate with DevOps/Cybersecurity teams to resolve non-compliant cloud resources

  • Monitor control effectiveness and drive continuous improvement of cloud governance

  • Provide technical leadership and mentor teams on cloud policy best practices

  • Work with risk, compliance, and audit teams to produce control evidence

  • Implement and manage CNAP policies using Wiz for posture assessment and remediation

  • Embed security early by integrating vulnerability scanning, IaC policy enforcement, and compliance checks into GitLab CI/CD

  • Develop policy-as-code frameworks using OPA/Rego to prevent misconfigurations pre-deployment

  • Integrate security controls into Terraform and other IaC workflows

  • Champion shift-left practices-enabling developers to self-remediate issues during build and coding stages

  • Build SOAR playbooks to automate response and remediation workflows

Experience Requirements

  • 3+ years in Cybersecurity and CNAP-focused roles

  • Deep AWS security expertise: IAM, Organizations, SCPs, cloud security architecture

  • Hands-on experience with Cloud Custodian or similar policy automation tools

  • Proficiency with Terraform or AWS CloudFormation

  • Strong understanding of cloud compliance frameworks (CIS, NIST, ISO, etc.)

  • Expertise in OPA/Rego for policy-as-code

  • Experience with Wiz CNAP for cloud security posture management

  • Advanced Python Scripting for automation and remediation workflows

  • Experience driving DevSecOps automation and shift-left security adoption

  • Strong collaboration skills across engineering and CISO/leadership teams

Apply Now
Apply Now

Job Details

Company
Lynx Recruitment Ltd
Location
London, United Kingdom
Employment Type
Permanent
Salary
GBP 80,000 Annual
Posted