About the role

Security Engineer specializing in design and implementation of technical security for cloud platforms at a UK data and software company. Focus on enhancing security controls across multi-tenant environments with a hands-on approach.

Responsibilities

Provide security engineering services as a member of the overall platform engineering service team
Secure all cloud infrastructure from both a deployment and detection standpoint
Coordinate and advise other team members on security approaches and industry best practices
Coordinate with MOD Security Authorities on risks and appropriate technical control options
Design, implement, manage and continually improve service-wide cloud security controls using the inherent / new security products and features provided on the existing hosting platform(S)
Architect and enforce Zero Trust and least-privilege models (RBAC, PBAC), restrictions, and platform security controls
Monitor security control effectiveness and drive continuous improvement of cloud hosting security governance
Ensure all technical security measures from the boundary to the tenant applications are optimal and exceed the MOD specified minimum base security requirements

Experience with on-premises Security Information and Event Management (SIEM) systems (e.g., Fortinet, Splunk, Elastic)
Ability to enhance, operate, and manage SIEM services for multi-tenant cloud platforms
Skills in event triage, escalation, and incident investigation, including collaboration with tenants and central SOC teams
Familiarity with real-time threat detection, monitoring, and alerting across network, boundary, hosting, and application layers
Hands-on experience with VMware Cloud Foundation (Incl. Aria operations and NSX-T) and related technologies in air-gapped or restricted environments
Security best practices, system and OS level security hardening (CISCAT, NIST benchmarking etc) security vulnerability scanning tools such as Nessus
Experience with infrastructure as code (IaC) tools (e.g., Terraform, Ansible, Packer) and containerization (e.g., Kubernetes, Tanzu) is desirable
Ability to assist with Business Continuity Planning, Risk and Asset management and AI Security is desirable
Understanding of MOD security compliance, including UK Security Levels, Secure by Design and NIST frameworks
Experience in delivering and supporting accredited solutions at multiple classification levels
CI/CD pipeline security and DevSecOps methodologies
The successful candidate must be eligible to obtain and maintain a SC level security clearance, DV clearance is preferred.

Annual Leave: 25 days plus your birthday off, with the ability to buy or sell up to five additional days
Private Healthcare: Comprehensive coverage with additional options for family members
Training & Skills Development: Ongoing learning opportunities to help you advance your career
Fitness Reimbursement: Support for gym memberships or fitness-related expenses
Life Assurance: Extensive life insurance coverage for peace of mind
Pension Contribution: Competitive options to help you plan for a secure financial future
Perkbox Subscription: Discounts on a wide range of products and services
Flexible Work Arrangements: Designed to support work-life balance and personal commitments
Internal Reward Schemes: Recognition initiatives to celebrate your contributions and achievements
Community Engagement & Volunteering: Opportunities to support meaningful causes through company-sponsored programs