AWS Security Engineer

AWS Security Engineer

6 Month Contract

Essex (Hybrid)

£525/day (Inside IR35)

AWS Security Engineer needed for a 6 Month Contract in Essex (Hybrid). Active SC Security Clearance preferred. Start asap in Jan/Feb 2026.

Hybrid Working - 3-4 days/week remote (WFH), and 1-2 days/week working on-site from the office based in Grays (Essex).

A chance to work with a leading global IT and Digital transformation business specialising in delivering large-scale Government projects.

Key experience + tasks will include:

• Must have extensive AWS Cloud Security Engineering expertise.
• Key Objective: taking ownership of AWS Cloud Security across discovery, design, implementation + large-scale workload migration.
• The role sits at the centre of a major AWS transformation program including Landing Zone establishment, EUC/Citrix-to-WorkSpaces modernisation, and full datacentre migration.
• Shaping identity, compliance, guardrails, monitoring, MFA/Conditional Access, and ongoing hardening for production.
• Validating MFA, Conditional Access, encryption, logging in discovery phase.
• Designing + embedding IAM, RBAC, federation + authentication patterns into architectures.
• Defining AWS security guardrails, SCPs, monitoring + compliance baselines.
• Configuring IAM roles, key management, encryption, logging, CloudTrail, Config, GuardDuty + Security Hub.
• Supporting Landing Zone build-out including identity federation, tagging, audit + multi-account governance.
• Implementing VDI, WorkSpaces, Citrix security hardening, MFA, Conditional Access + admin console security.
• Validating security during pilot migration and bulk migration (200+ workloads) across IAM, MFA, encryption, BCP.
• Tuning monitoring dashboards, alerting + incident triage in hypercare.
• Technical Skills: IAM, RBAC, SCP, AWS Organizations, MFA, Conditional Access, Entra AD federation, CIS, compliance, encryption, KMS, RPO/RTO, enabling GuardDuty, Security Hub, CloudTrail, Config + migration security validation.