AWS Security Engineer

We are looking for an AWS Cloud Engineer to join our Service Infrastructure team in Solihull (West Midlands).

What you’ll be doing

Reporting to the CISO you’ll be involved in:

- Collaborating with DevOps teams to design and implement secure AWS infrastructure, services, and applications.

- Conduct regular security assessments and audits of AWS environments to identify and address potential vulnerabilities and risks.

- Implement and maintain security controls and compliance measures based on industry standards and regulatory requirements.

- Key member of the incident response efforts, conduct root cause analysis, and recommend corrective actions to prevent future incidents.

- Monitor AWS security alerts, events, and incidents, and respond promptly to mitigate security threats.

- Develop and implement security automation scripts and tools to streamline security tasks in the DevOps pipeline.

- Participate in threat modelling exercises and risk assessments to proactively identify security weaknesses and prioritize remediation efforts.

- Stay up-to-date with the latest security trends, tools, and technologies in the AWS ecosystem, and propose their adoption where appropriate.

- Provide security guidance and training to development and operations teams to foster a security-conscious culture.

- Be involved with projects to make sure security is taken into consideration.

Who we're looking for

we prioritise hiring individuals who share our values and possess the right attitudes and behaviours for success. Whilst some of the listed requirements may be important, don’t worry if you don’t meet all of them, we’d still like to hear from you.

- Minimum of 3 years of hands-on experience as a Security Engineer or related role in an AWS DevOps environment.

- Proficiency in AWS services and features, including IAM, VPC, EC2, S3, RDS, Lambda, and CloudFormation.

- Strong understanding of security best practices, principles, and frameworks, such as ISO 27001 controls and NIST Guidelines.

- Experience in implementing security automation using scripting languages e.g. Python and infrastructure-as-code (IaC) tools.

- Ability to perform security threat modeling and risk assessments to identify and prioritize security risks.

- Experience with security incident response and handling, including log analysis and forensics.

- Strong communication and interpersonal skills to collaborate effectively with cross-functional teams.

- In-depth knowledge of AWS Security Products and logging tools such as SecurityHub, Inspector, Detective, CloudTrail, GuardDuty and CloudWatch.

- Certifications such as AWS Certified Security Specialty are a plus.

- Have up to date knowledge on cyber.

- Good working knowledge of open-source Pen test tools i.e. Burpsuite, ZAP, Nikito, Metasploit, SQLmap.

What your impact and success looks like

As a Security Engineer we expect your success and impact in the early stages of your career with us to look something like this:

Within 1 month:

- Familiarity with Company Policies and Security Infrastructure

- Familiarity with AWS Security Best Practices and the business Setup

- Integration into DevOps Workflow

Within 3 months:

- Security Incident Handling and Remediation

- Security Automation and Tooling

- Security Compliance and Auditing

- Collaboration with Development Teams

Within 6 months:

- Threat Modelling and Risk Assessment

- Continuous Improvement Initiatives

- Security Incident Management