Cloud Security Engineer
Lynx Recruitment Ltd
Charing Cross, United Kingdom
2 days ago
Role details
Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Intermediate
Compensation: £ 80K
Job location: Charing Cross, United Kingdom
Tech stack
Amazon Web Services (AWS)
Build Automation
Azure
Cloud Computing
Cloud Computing Security
Computer Security
DevOps
Identity and Access Management
Python
Role-Based Access Control
CloudFormation
GitLab CI
Terraform
DevSecOps
Vulnerability Analysis
Job description
You'll own the design and implementation of organization-wide cloud controls across AWS and Azure. You'll work closely with DevOps, Security, Risk, and Compliance teams to embed secure-by-default practices and ensure continuous adherence to security and regulatory requirements. This is a hands-on engineering role where you'll build automation, develop policy frameworks, and help teams remediate issues efficiently.
Key Responsibilities
- Design, implement, and manage organization-wide cloud controls using Azure Policies, AWS Organizations, SCPs, Config Rules, and Cloud Custodian
- Architect and enforce Zero Trust and least-privilege models (RBAC, PBAC), region restrictions, and platform security controls
- Collaborate with DevOps/Cybersecurity teams to resolve non-compliant cloud resources
- Monitor control effectiveness and drive continuous improvement of cloud governance
- Provide technical leadership and mentor teams on cloud policy best practices
- Work with risk, compliance, and audit teams to produce control evidence
- Implement and manage CNAP policies using Wiz for posture assessment and remediation
- Embed security early by integrating vulnerability scanning, IaC policy enforcement, and compliance checks into GitLab CI/CD
- Develop policy-as-code frameworks using OPA/Rego to prevent misconfigurations pre-deployment
- Integrate security controls into Terraform and other IaC workflows
- Champion shift-left practices, enabling developers to self-remediate issues during build and coding stages
- Build SOAR playbooks to automate response and remediation workflows
Requirements
- 3+ years in Cybersecurity and CNAP-focused roles
- Deep AWS security expertise: IAM, Organizations, SCPs, cloud security architecture
- Hands-on experience with Cloud Custodian or similar policy automation tools
- Proficiency with Terraform or AWS CloudFormation
- Strong understanding of cloud compliance frameworks (CIS, NIST, ISO, etc.)
- Expertise in OPA/Rego for policy-as-code
- Experience with Wiz CNAP for cloud security posture management
- Advanced Python scripting for automation and remediation workflows
- Experience driving DevSecOps automation and shift-left security adoption
- Strong collaboration skills across engineering and CISO/leadership teams