AWS Security Engineer
Job description
We're looking for an AWS Security Platform Engineer to help us build and operate secure-by-default cloud environments across our AWS estate. In this hands-on role, you will design, implement, and continually enhance the security controls, guardrails, and automation that keep our cloud platforms resilient, compliant, and safe.
You'll act as a technical authority for AWS security, embedding best-practice controls into cloud foundations, build pipelines, and day-to-day operations, while enabling our engineering teams to build and innovate at pace.
What you'll be doing
- Designing, building, and improving AWS-native security services, including GuardDuty, Security Hub, IAM, KMS, CloudTrail, AWS Config, Inspector and WAF.
- Developing and evolving AWS Landing Zone security controls, baseline configurations, and multi-account guardrails.
- Implementing and governing identity and access management (IAM Roles, SCPs, least privilege, federated identity, permission boundaries).
- Creating and maintaining AWS security policies, standards and best-practice patterns.
- Automating security controls and operational processes using Terraform, CloudFormation, Lambda and CI/CD pipelines.
- Monitoring AWS environments for misconfigurations, threats and policy violations, and driving prompt remediation.
- Integrating security checks into build and deployment pipelines alongside Cloud Engineering and DevOps teams.
- Providing hands-on security guidance to teams adopting AWS services, ensuring secure architectures and implementations.
- Supporting incident response for AWS workloads, including investigation, containment and remediation.
- Maintaining visibility of cloud security posture through dashboards, reporting and clear communication of risks.
- Staying up to date with AWS security innovations and emerging threats, proactively improving controls and tooling.
Requirements
- Professional AWS certifications such as AWS Security Specialty or AWS Solutions Architect Associate/Professional, or equivalent hands-on experience.
- Beneficial (but not essential): CISSP, CCSP, CompTIA Security+.
- Proven experience delivering AWS-native security controls and capabilities.
- Experience building and maintaining AWS Landing Zones, guardrails, and baseline security configurations.
- Strong knowledge of cloud identity and access patterns across multi-account environments.
- Experience with infrastructure-as-code (Terraform, CloudFormation) in security engineering contexts.
- Experience detecting and mitigating cloud misconfigurations, vulnerabilities and threats using cloud-native and automated tooling.
- Background working with DevOps/Platform Engineering teams to embed security into CI/CD pipelines.
Technical & People Skills
- Ability to create high-quality engineering outputs: guardrails, security patterns, runbooks and technical standards.
- Strong communication skills with the ability to articulate risk clearly and influence decisions.
- Effective collaboration with Cloud, Infrastructure, DevOps, Architecture and Product teams.
- A proactive mindset, continuously driving improvements in AWS security automation, tooling and monitoring.
The impact you'll make
- Strengthen AWS security posture across a rapidly evolving multi-account environment.
- Improve automation, reduce manual overhead and uplift detection capabilities.
- Play a key role in cloud security governance, architecture reviews and major change initiatives.
- Ensure our AWS platforms remain secure, compliant and well-monitored through scalable guardrails and automated controls.
Benefits & conditions
Salary: Up to £70,000, depending on experience, plus bonus and benefits