Cloud & Application Security Engineer

Cloud & Application Security Engineer 

CI/CD Pipelines, DevSecOps, SDLC, AWS, Azure

Remote OUTSIDE IR35 Contract - £650p/d - 3 monthly rolling contract

Role Overview: As a Cloud & Application Security Engineer, you will play a crucial role in ensuring the security and integrity of our cloud and application infrastructure. Leveraging your expertise in AWS and DevSecOps practices, you will be responsible for implementing Secure by Design and Privacy by Design principles across our systems and SDLC. This role requires hands-on experience with cloud security tools and technologies, along with the ability to collaborate effectively within cross-functional teams.

Key Responsibilities:

• Implement and maintain security best practices within AWS cloud infrastructure.
• Conduct threat assessments and manage attack surfaces to proactively identify and mitigate potential security risks.
• Configure and manage network security components including DNS, VPC, IGW, WAF, API Gateways, and CloudFront.
• Utilize AWS CLI and API to interact with cloud services and automate security processes.
• Securely build and manage Docker containers, ensuring container orchestration security.
• Perform code security audits, static and dynamic analysis, and implement defensive programming techniques.
• Define and operate a Security Incident Response process, ensuring timely and effective response to security incidents.
• Monitor and configure alerting systems to detect and respond to security threats.
• Collaborate with internal teams to integrate identity and access management solutions, including VPN, MFA, SAML, OAuth2, and KMS.

Required Skills and Qualifications:

• Experience across the SDLC 
• Expertise in threat assessment, data security, and network security at Layer 4 and Layer 7.
• Proficiency in AWS CLI and API for cloud infrastructure management.
• Strong understanding of Secure by Design and Privacy by Design principles.
• AWS Certified Security Specialist certification preferred
• Experience with container security, including Docker and container orchestration.
• Familiarity with scripting or programming languages for automation tasks.
• Experience defining and operating Security Incident Response processes.
• Knowledge of Windows security, particularly Azure Active Directory.
• Understanding of cloud-native and 12-Factor applications.
• Exposure to offensive or defensive penetration testing is desirable.
• Experience working in the retail and/or finance industry is preferred.

Although this is a remote position there may be a need to travel occasionally to client site in the Warwickshire area