Cloud Security Engineer
Cloud Security Engineer - London - Hybrid - Major Energy Institution
- 2 year fixed term contract
- Role comes with a full benefits package (private healthcare, bonus, etc.) on top of salary
- £89,500 - £97,500 base + bonus
- Hybrid - two days a week in the London office
The Cloud Security Engineer is a hands-on technical role with a strong focus on cloud security, application security and securing software delivery pipelines. The role is responsible for embedding security controls across our client's cloud platforms, development toolchains and application estate, ensuring that security is a first-class concern from code commit through to production. The majority of time is spent engineering and operating security controls, with a supporting contribution to security design and architecture.
Working alongside the UK CISO, local cyber teams and global security colleagues, the role drives security outcomes across cloud environments (Azure/AWS), CI/CD pipelines and application platforms. The position also contributes to architecture reviews and secure design activities, ensuring engineering decisions are grounded in sound architectural principles aligned with NIS2, ISO27001 and Group cyber frameworks.
Cloud Security Engineer - Key Accountabilities
Security Engineering (70%)
- Own and operate cloud security controls across Azure and AWS environments, including CSPM (e.g. Defender for Cloud, AWS Security Hub), cloud-native WAF, network security groups and identity controls.
- Implement and manage security guardrails and policies across cloud tenants using Infrastructure-as-Code (Terraform, Bicep or equivalent), ensuring consistent, auditable security baselines.
- Embed security into CI/CD pipelines across GitHub Actions, Azure DevOps or equivalent platforms — integrating SAST, DAST, SCA, secrets scanning and container image scanning into delivery workflows.
- Champion Shift Left security practices, working directly with development and platform engineering teams to ensure vulnerabilities are identified and resolved before reaching production.
- Perform hands-on application security assessments including threat modelling, code review, OWASP-aligned testing and API security validation across internal and third-party applications.
- Manage and operate software composition analysis (SCA) and dependency vulnerability tracking, driving remediation of vulnerable libraries and open-source components across the application estate.
- Configure and maintain container and Kubernetes security controls, including image signing, admission policies, runtime protection and network policies.
- Build and maintain security automation and tooling to streamline detection, policy enforcement and compliance reporting across cloud and DevOps platforms.
- Operate and tune SIEM (e.g. Microsoft Sentinel) detections relevant to cloud and application attack vectors, developing use cases and response playbooks in collaboration with GSOC.
- Support incident response activities involving cloud environments or application-layer attacks, with hands-on investigation and containment capability.
- Maintain IAM and privileged access controls across cloud platforms, including Entra ID / Azure AD, role-based access control and just-in-time access policies.
Security Architecture & Design (30%)
- Contribute to cloud and application security architecture patterns, defining reusable reference designs for secure cloud landing zones, API security and containerised workloads.
- Provide engineering-led input into architecture and design reviews, with particular focus on cloud-native solutions, microservices and third-party SaaS integrations.
- Participate in the Architecture Review Board (ARB), advising on the security implications of proposed cloud, application and platform designs.
- Define secure software development standards and CI/CD security requirements, collaborating with platform engineering to embed these into delivery frameworks.
- Produce and maintain technical security documentation including secure coding standards, cloud security baselines, pipeline security guidelines and architecture decision records.
- Support cyber security risk analysis for cloud and application solutions, contributing engineering depth to risk assessments and mitigation planning.
- Evaluate emerging cloud security technologies, DevSecOps tooling and threat intelligence relevant to their technology landscape.
Cloud Security Engineer Experience
- Significant hands-on experience in cloud security, application security or DevSecOps engineering roles.
- Proven track record of embedding security into software delivery pipelines and cloud platform programmes.
- Experience performing or managing application security assessments including threat modelling and OWASP-aligned testing.
- Experience working directly alongside software engineering or platform teams in an agile delivery environment.
- Exposure to energy, utilities or critical national infrastructure environments (desirable).
- Familiarity with security architecture principles and participation in cloud or solution design review processes.