AWS Cloud Security Engineer

We are seeking an AWS Security Engineer to take end-to-end ownership of cloud security across discovery, design, implementation, and large-scale workload migration.

This role is central to a major AWS transformation programme, including:

• AWS Landing Zone establishment
• EUC/Citrix-to-Amazon WorkSpaces modernisation
• Full on-premises datacentre migration

You will be responsible for defining and embedding security controls across identity, compliance, guardrails, monitoring, MFA/Conditional Access, and ongoing hardening of production environments.

Key Responsibilities

• Validate MFA, Conditional Access, encryption, and logging during the discovery phase
• Design and embed IAM, RBAC, federation, and authentication patterns into cloud architectures
• Define AWS security guardrails, Service Control Policies (SCPs), monitoring, and compliance baselines
• Configure and manage IAM roles, key management, encryption, logging, AWS CloudTrail, AWS Config, GuardDuty, and Security Hub
• Support AWS Landing Zone build-out, including identity federation, tagging standards, auditing, and multi-account governance
• Implement security hardening for VDI/Amazon WorkSpaces/Citrix environments, including MFA, Conditional Access, and admin console security
• Validate security controls during pilot migrations and large-scale migrations (200+ workloads), covering IAM, MFA, encryption, and BCP requirements
• Support CIS benchmarking, public-sector standards, compliance testing, and penetration-testing readiness
• Tune monitoring dashboards, alerting, and incident triage during hypercare and post-migration phases

• Strong hands-on experience as an AWS Security Engineer
• Deep expertise in AWS IAM, RBAC, SCPs, and AWS Organizations
• Experience implementing MFA, Conditional Access, and Entra AD federation
• Solid understanding of CIS benchmarks, compliance frameworks, encryption, AWS KMS, and RPO/RTO
• Proven experience enabling and operating GuardDuty, Security Hub, CloudTrail, and AWS Config
• Exposure to security validation at migration scale within complex AWS environments