As a Security Engineer, you will own end-to-end security across multiple enterprise and mid-market cloud projects. Your initial mission is to embed automated controls and best practices into every AWS- and Azure-based delivery, shifting the organisation from reactive fixes to a proactive security posture. Reporting directly to the Director of Engineering, Cloud, you will partner daily with Technology, Cloud, Engineering and Account-Management teams and act as a client-facing security authority - able to brief both technical staff and C-level executives.
Your Responsibilities
- Design, implement and enforce comprehensive Secure SDLC processes, integrating automated security controls, threat modeling, secure coding standards, and continuous security testing throughout the entire development lifecycle.
- Develop, document and enforce security policies in our Confluence-based knowledge base and project DMS.
- Harden multi-account AWS and Azure estates (EC2, S3, IAM, VPC, CloudTrail, CloudFront; Virtual Machines, Storage Accounts, Key Vault, NSG, Policy, Monitor).
- Deploy and tune SIEM/log-management platforms (Splunk, ELK, Microsoft Sentinel); craft queries and dashboards that surface actionable threats.
- Run scheduled and continuous vulnerability scans (Qualys, Rapid7, Defender), interpret results and drive remediation with Engineering.
- Configure and manage security edge controls—firewalls, WAFs (Akamai, AWS/Azure WAF) and IDS/IPS—tailored to each client’s risk profile.
- Integrate SCA (Trivy, Grype, Snyk) and DAST (OWASP ZAP) tooling into build pipelines; champion secure-by-design coding practices.
- Lead security architecture reviews and threat-model sessions with cross-functional, multi-country delivery teams.
- Present findings, roadmaps and risk mitigation strategies directly to enterprise clients, translating technical issues into clear business impact.
- Continuously evaluate emerging threats, Zero-Trust patterns and supply-chain risks; recommend tooling and process improvements that keep us ahead of third-party scans.
Requirements
- 7 + years of hands-on security engineering in cloud-native, agile environments.
- Expert knowledge of core AWS and Azure services and how to secure them at scale.
- Proven SIEM experience—log ingestion, correlation rule creation and dashboarding.
- Deep understanding of vulnerability management tools and remediation cycles.
- Practical experience with WAF/IDS/IPS configuration, network protocols (TCP/IP, DNS, HTTP) and Zero-Trust/IAM best practices (AD, Azure AD, Okta).
- Comfort operating as a solo security function: you set the standards, choose the tools (budget approved) and drive adoption company-wide.
- Consultative mindset with excellent written and verbal English; able to brief board-level stakeholders and guide client teams through complex security topics.
Will be a plus
- Container and Kubernetes hardening, DevSecOps pipeline design, CNAPP familiarity, compliance frameworks (SOC 2, ISO 27001, PCI DSS) and industry certifications (CISSP, AWS Security Specialty, Azure Security Engineer Associate, CKS).
Benefits
- Experience working with US clients
- Competitive compensation depending on experience and skills
- Unlimited, paid time off and vacation
- Budget for certifications and IT conferences
- Friendly team to work with around the world
- Be a team player in an agile software development environment focused on collaboration and continuous integration
- Comprehensive health insurance and retirement benefits:
- United States: Health Insurance and 401(k) plan.
- Canada: Health Insurance and Employer-Sponsored Retirement Plan.