Cloud Security Engineer (GDC, Identity & Access, Encryption) - SC Eligible - Government Projects
Job description
At ByDesign Secure, we believe that world-class security shouldn't be an afterthought; it should be the foundation. We are an independent, outputs-based consultancy dedicated to solving the most complex data assurance challenges in the UK public sector. Currently, we are working on a landmark transformation of a cross-government secure IT system. This is an exciting opportunity to help architect a private cloud environment from the ground up and modernize the end-user services that power national decision-making. We don't believe in "billing by the hour" or rigid hierarchies; we are a lean, expert team focused on delivering high-impact technical outcomes. If you are a self-starter who thrives on autonomy and wants to see your engineering or architectural decisions shape the future of sovereign security, we want to talk to you.
About the Opportunity
- We are seeking a skilled Cloud Security Engineer to design and implement secure workloads within a Google Distributed Cloud (GDC) environment.
- This role is ideal for a security professional with a strong GCP background (other CSP experience also considered) and an active Professional Cloud Security Engineer certification, as these competencies are directly transferable to managing security in air-gapped or edge configurations.
- You will be responsible for ensuring security, rigour, and compliance within mission-critical government secure delivery.
What You'll Be Doing
- Identity & Access Management: Designing and managing complex identity architectures, including single sign-on (SSO) integration, multi-factor authentication (MFA), and the automated lifecycle management of privileged user accounts.
- Authorisation & Resource Hierarchy: Defining granular resource hierarchies and implementing the principle of least privilege using advanced identity policies, conditions, and organizational constraints.
- Boundary & Perimeter Protection: Configuring robust network defences, including next-generation firewalls, web application firewalls (WAF), and secure service perimeters to isolate sensitive workloads.
- Data Protection & Encryption: Implementing discovery and redaction services for sensitive data (PII) and managing full-lifecycle encryption through hardware or software-based key management systems.
- Securing the Software Supply Chain: Automating vulnerability scanning and policy enforcement within continuous integration and delivery (CI/CD) pipelines to ensure only authorised code is deployed.
Requirements
- Demonstrable experience as a practicing Security Engineer, with the ability to transition cloud-native security best practices to a distributed/edge platform.
- Deep proficiency in configuring network security defences, threat monitoring, and regulatory compliance controls.
Bonus Points For
- Current, non-expired Professional Cloud Security Engineer certification.
- Experience operating within or alongside classified UK Government secure environments (e.g., SECRET or above).
- Familiarity with GDS Service Standards or equivalent public sector delivery frameworks.
- Experience working in air-gapped or disconnected environments with little or no internet connectivity.
Benefits & conditions
- Do you have experience implementing Identity and Access Management (IAM) and least privilege hierarchies in a cloud environment?
- Have you managed encryption keys (CMEK/EKM) or Sensitive Data Protection (SDP) within a secure or air-gapped environment?
- Do you have the permanent right to work in the UK?
- Do you currently hold active UK SC clearance?
- Are you eligible and willing to undergo UK SC clearance for this role? (Applications without this cannot be considered)
- Does your delivery approach allow for on-site presence in London (SW1A) when required (typically around 2 days per week)?