Senior Security Engineer - Cloud Infrastructure

Ebury is investing significantly in its cloud infrastructure security capabilities to ensure the trust and safety of our global financial services. As a Senior Security Engineer specialising in Cloud Infrastructure, you will own and evolve the security posture of our cloud environments across AWS and GCP, with a focus on network security, perimeter defence, and attack surface management.

This hands-on role requires deep expertise in cloud-native security controls, network architecture, and defensive security operations. You will design, implement, and maintain security infrastructure that proactively detects and mitigates threats before they impact our business. You will work closely with platform, infrastructure, and security operations teams, embedding security best practices into our cloud foundations., * Own cloud security posture and attack surface management: Maintain comprehensive visibility and control across AWS and GCP environments. Implement cloud-native security monitoring, detection, and alerting to proactively identify and mitigate threats before they impact customers or the business. Define and enforce security baselines using policy-as-code.

• Design and maintain web application firewall infrastructure: Own WAF configurations across AWS and GCP, developing and tuning detection rules aligned with application threat models and emerging attack patterns. Establish operational processes for rule lifecycle management and incident response integration, collaborating with application teams to implement protections without impacting availability.
• Architect network segmentation and isolation: Design and implement network security strategies ensuring proper separation between development, staging, and production environments. Define consistent patterns across multi-cloud infrastructure, applying zero-trust principles to workload communication and documenting reference architectures for engineering teams.
• Deliver modern secure remote access: Architect and implement a scalable remote access solution to meet current network security and environment isolation requirements. Design identity-aware access controls for infrastructure and cloud resources, ensuring solutions satisfy compliance and audit requirements for regulated financial services.
• Drive security automation and DevSecOps adoption: Implement Infrastructure as Code for security controls using Terraform and cloud-native tools. Build automated compliance checking, policy enforcement pipelines, and security tooling that improves detection and response capabilities across infrastructure deployments.
• Improve team capabilities and cross-functional collaboration: Partner with platform and infrastructure teams to embed security into cloud foundations. Provide technical guidance on network and cloud security best practices, contribute to incident response, and actively share security learnings to elevate engineering capabilities.

Do you have experience in Terraform?, * You understand cloud infrastructure security end-to-end, applying frameworks (CIS Benchmarks, NIST CSF, ISO 27001) within a regulated context.

• You think holistically about defence-in-depth, from network perimeter to workload protection.
• You effectively engage with platform, infrastructure, and engineering teams, clearly explaining the 'why' and impact of security controls.
• You advocate for security-as-code and automation, reducing manual processes and improving consistency.
• You promote a collaborative culture, share knowledge openly, and optimise your contributions for predictable delivery, * 5+ years in security or infrastructure engineering with deep expertise in cloud security, ideally within FinTech, banking, or a similar regulated industry.
• Expert-level experience with AWS and/or GCP security services, including VPCs, security groups, IAM, and cloud-native security tools.
• Proven track record designing and implementing WAF solutions (AWS WAF, Cloud Armor, or similar) with custom detection rules.
• Strong experience designing network architectures with proper segmentation and isolation patterns.
• Extensive experience with Infrastructure as Code (Terraform preferred) and GitOps practices.
• Proficiency in scripting and automation (Python, Bash, or similar).
• Solid understanding of network security fundamentals: firewalls, routing, DNS, TLS, VPNs.
• Experience implementing or operating SIEM, logging, and security monitoring solutions

Desired

• Experience with zero-trust network architectures and identity-aware access solutions.
• Knowledge of container security and Kubernetes network policies.
• Experience with security orchestration and automated response (SOAR).
• Familiarity with compliance requirements for financial services (PSD2, GDPR, PCI-DSS).
• Relevant certifications (AWS/GCP Security Specialty, CCSP, or similar).
• Experience migrating from legacy VPN solutions to modern alternatives (e.g., ZTNA, SDP), * Authorisation to work in Spain.
• Clean background check and regulatory screening.
• Professional references available upon request

What We Offer:

• Opportunity to define cloud security architecture at a leading fintech.
• High-impact role with significant technical influence across the organisation.
• Investment in professional development and growth.
• Competitive base salary and discretionary performance bonus.
• Annual conference and training budget.
• Inclusive, collaborative culture with a diverse global team

Ebury is a global fintech firm dedicated to empowering businesses to expand internationally through tailored and forward-thinking financial solutions. Since our founding in 2009, we've grown to a diverse team of over 1,700 professionals across 40+ offices and 29+ markets worldwide. Joining Ebury means becoming part of a collaborative and innovative environment where your contributions are valued. You'll play a key role in shaping the future of cross-border finance, while advancing your own career in a dynamic, high-growth industry., Ebury is a FinTech success story, positioned among the fastest-growing international companies in its sector. Founded in 2009, we are headquartered in London and have more than 1700 staff with a presence in more than 29 markets worldwide. Cultural diversity is part of what makes Ebury a special place to be. From Sao Paulo to Dubai, Vancouver to Auckland, we enjoy sharing team experiences and celebrating success across the Ebury family. Hard work pays off: in 2019, Ebury received a £350 million investment from Banco Santander and has won internationally recognised awards including Financial Times: 1000 Europe's Fastest-Growing Companies. None of this would have been possible without our proudest achievement: our great people. Enthusiastic, innovative and collaborative teams, always ready to disrupt and revolutionise the fast-paced FinTech sector. At Ebury, we're committed to building a workplace where everyone feels valued, supported, and empowered to thrive. We're proud to have active employee networks and ESG initiatives that reflect our inclusive culture, including our Women's Network, LGBTQIA+ Network, and Veterans Network. These communities provide spaces for connection, mentorship, advocacy, and collaboration across our global teams. We believe in inclusion. We stand against discrimination in all forms and have no tolerance for the intolerance of differences that makes us a modern and successful organisation. At Ebury, you can be whoever you want to be and still feel a sense of belonging no matter your story because we want you and your uniqueness to help write our future. Please submit your application on the careers website directly, uploading your CV / resume in English.