Security Engineer
Role details
Job location
Tech stack
Job description
Ebury is investing significantly in its cloud infrastructure security capabilities to ensure the trust and safety of our integral financial services. As a Senior Security Engineer specialising in Cloud Infrastructure, you will own and evolve the security posture of our cloud environments across AWS and GCP, with a focus on network security, perimeter defence, and attack surface management.
This hands-on role requires deep expertise in cloud-native security controls, network architecture, and defensive security operations. You will design, implement, and maintain security infrastructure that proactively detects and mitigates threats before they impact our business. You will work closely with platform, infrastructure, and security operations teams, embedding security best practices into our cloud foundations., * Own cloud security posture and attack surface management: Maintain comprehensive visibility and control across AWS and GCP environments. Implement cloud-native security monitoring, detection, and alerting to proactively identify and mitigate threats before they impact customers or the business. Define and enforce security baselines using policy-as-code.
- Deliver modern secure remote access: Architect and implement a scalable remote access solution to meet current network security and environment isolation requirements. Design identity-aware access controls for infrastructure and cloud resources, ensuring solutions satisfy compliance and audit requirements for regulated financial services.
- Drive security automation and DevSecOps adoption: Implement Infrastructure as Code for security controls using Terraform and cloud-native tools. Build automated compliance checking, policy enforcement pipelines, and security tooling that improves detection and response capabilities across infrastructure deployments.
- Improve team capabilities and cross-functional collaboration: Partner with platform and infrastructure teams to embed security into cloud foundations. Provide technical guidance on network and cloud security best practices, contribute to incident response, and actively share security learnings to elevate engineering capabilities., * You effectively engage with platform, infrastructure, and engineering teams, clearly explaining the 'why' and impact of security controls.
- You advocate for security-as-code and automation, reducing manual processes and improving consistency.
- You promote a collaborative culture, share knowledge openly, and optimise your contributions for predictable delivery.
Requirements
- 5+ years in security or infrastructure engineering with deep expertise in cloud security, ideally within FinTech, banking, or a similar regulated industry.
- Expert-level experience with AWS and/or GCP security services, including VPCs, security groups, IAM, and cloud-native security tools.
- Proven track record designing and implementing WAF solutions (AWS WAF, Cloud Armor, or similar) with custom detection rules.
- Strong experience designing network architectures with proper segmentation and isolation patterns.
- Extensive experience with Infrastructure as Code (Terraform preferred) and GitOps practices.
- Proficiency in scripting and automation (Python, Bash, or similar).
- Solid understanding of network security fundamentals: firewalls, routing, DNS, TLS, VPNs.
- Experience implementing or operating SIEM, logging, and security monitoring solutions., * Experience with zero-trust network architectures and identity-aware access solutions.
- Knowledge of container security and Kubernetes network policies.
- Experience with security orchestration and automated response (SOAR).
- Familiarity with compliance requirements for financial services (PSD2, GDPR, PCI-DSS).
- Relevant certifications (AWS/GCP Security Specialty, CCSP, or similar).
- Experience migrating from legacy VPN solutions to modern alternatives (e.g., ZTNA, SDP).