Lead Security Cloud Engineer

Location: London, Potters Bar, Bristol or Isle of Man (Hybrid work options available)

We are seeking a Lead Security Cloud Engineer with strong DevSecOps skills to join our team. The successful candidate will be a part of the product team responsible for ensuring Canada Life UK’s Cloud Platform is best in class!

As a member of the Cloud Platform team, you will be involved in every stage of product lifecycle of the platform from conception, design, implementation, testing and through to operational support - applying a security focus at all points. Moreover, you will be looking at security across all products in our cloud estate.

With automation at the heart of everything we are doing, you should have a strong hands-on understanding of CI/CD tools, IaC, and the best ways to integrate Security into the product lifecycle.

We are looking for Azure experience, though strong experience in any cloud is welcome. CLUK are looking to move to multi-cloud setup soon.

Canada Life operates a Hybrid and Work from Home model - with the expectation of being in the office for meets and events. Office locations include Bristol (preferred), London, Isle of Man.

Responsibilities

• Design, implement, and maintain cloud security on Azure using Bicep and CI/CD Pipelines.
• Develop automation scripts for upkeep, detection, and remediation of cloud security.
• Champion security best practices, such as zero-trust and Secured by Design, within the cloud platform team and across all CLUK product teams.
• Troubleshoot and resolve issues related to cloud security infrastructure and applications.
• Ensure compliance with security policies and standards across CLUK using guardrails.
• Participate in technical discussions and provide recommendations for improvements.
• Document system configurations and processes.
• Provide support to other teams as needed.
• Providing coaching and guidance for less experienced team members and across CLUK.
• Providing automated reporting to stakeholders on security posture and issues
• Work closely with our IT Risk & Security Function as well as the wider group Security Operations team to ensure alignment while advocating for cloud security best practices.

Requirements

• Experience in cloud security engineering including network security.
• Strong understanding of cloud, Azure, and related services
• Experience with Bicep or other IaC deployments, with experience providing IaC as a service to developer teams.
• Strong understanding of CI/CD pipeline security techniques and tools such AST, SCA, and SLSA. Experience implementing and working with Azure DevOps or GitHub Actions (or similar) - and the code scanning tools that can be used i.e., Veracode, CodeQL, PrismaCloud.
• Strong understanding of Azure Defender for Cloud and Sentinel.
• Understands Azure Policy and Policy-as-Code.
• Strong scripting skills in PowerShell and/or Python.
• Strong knowledge on data security best practices and tools i.e., Purview.
• Knowledge of containerization technologies such as Docker and Kubernetes and how to secure them.
• Excellent problem-solving and troubleshooting skills.
• Effective communication and collaboration skills.
• Ability to work independently and in a team environment.
• Microsoft Azure certifications are a plus.