AWS-focused security engineer responsible for remediating vulnerabilities in cloud applications. Collaborating with developers and data engineers to implement secure fixes.
Responsibilities
Own end-to-end remediation of AWS and workload vulnerabilities: confirm findings, assess impact, prioritise actions, and track through to closure.
Partner with Developers and Data Engineers to implement secure fixes in code, infrastructure, and delivery pipelines (IaC, containers, serverless, OS/packages).
Work with the AWS Security Lead to ensure remediation aligns with AWS security controls, internal risk policies, and compliance requirements.
Encryption in transit and at rest using KMS, TLS, and secrets management
Logging and monitoring: CloudTrail, CloudWatch, Config, centralised SIEM patterns
Threat detection and posture management using AWS native services
Strong understanding of modern SDLC, CI/CD, and DevSecOps approaches.
Proven experience managing the full vulnerability lifecycle: triage, prioritisation (CVSS/EPSS/KEV), remediation, verification, and reporting.
Comfortable remediating a wide range of findings: OS/package CVEs, container images, third-party libraries, serverless runtimes, and cloud misconfigurations.
Able to translate security findings into clear, practical tasks for engineering teams and coach on secure implementation.
Infrastructure as Code: Terraform and/or CloudFormation; able to review and fix security weaknesses in IaC.
Scripting/automation skills in Python, Bash, or similar to streamline remediation and control validation.
Familiarity with container and serverless security (ECR, ECS/EKS, Lambda, image scanning, runtime hardening).
Experience with common vulnerability and scanning tools (e.g., AWS Inspector/Security Hub, Snyk, Trivy, Dependabot, Prisma/Qualys/Tenable, etc.).
Security certifications such as AWS Security Specialty, AWS Solutions Architect, or equivalent.
Experience supporting data platforms on AWS (Glue, EMR, Redshift, Athena, RDS, OpenSearch, Kafka/MSK).
Knowledge of secure coding practices in Python/Node/Java or your core development stack.
Highly collaborative and pragmatic; you enjoy working directly with engineers to ship secure fixes quickly.
Strong risk judgement and the ability to balance urgency with operational impact.
Clear communicator who can write concise remediation guidance and present progress to stakeholders.
Ownership mindset: you drive remediation through to completion, not just identification.