Senior Cloud Security Engineer (Automation & Tooling)

TL;DR

Senior Cloud Security Engineer (Automation & Tooling): Fortifying infrastructure and application platforms for a multi-tenant core banking platform with an accent on identity and network security, unified vulnerability orchestration, and compliance as code. Focus on building custom security tooling in Go, managing infrastructure with Terraform, and engineering Kubernetes security solutions.

Location: This is an onsite role, likely based in the UK, given the mention of UK-specific benefits such as Private Medical Insurance with VitalityHealth.

Company

hirify.global is the engineering division of Starling Bank, focused on building a secure and compliant core banking platform.

What you will do

• Design and maintain custom security tooling in Go to automate evidence collection for SOC2/ISO 27001 and remediate security alerts.
• Write and peer-review Terraform to manage identity and core infrastructure across AWS and GCP, ensuring least privilege and cloud security standards.
• Contribute to maintaining software supply chain integrity by integrating SAST/DAST/SCA tools into CI/CD pipelines and managing container provenance.
• Engineer Kubernetes security solutions focusing on Cilium, RBAC, and network policies for microservices protection.
• Build and maintain Certificate Authority (CA) tooling and internal PKI infrastructure, participating in Key Ceremonies for cryptographic foundations.
• Support the Information Security team by participating in incident response and post-mortem activities.

Requirements

• Proven background in software or infrastructure engineering, with a strong preference for solving problems through code.
• Proficiency in Go (preferred) or Python for developing custom security tooling.
• Deep, practical experience securing AWS or GCP and managing them at scale using Terraform.
• Expert understanding of Kubernetes security, including runtime, service mesh, Cilium, and RBAC.
• Expert knowledge of cloud identity models and strong understanding of network protocols.
• Ability to work onsite, likely within the UK.

Nice to have

• Experience with Cilium networking or advanced Kubernetes hardening (CKS/CKA).
• Deep knowledge of cryptography management and hardware security modules.
• Familiarity with container signing (Sigstore/Cosign) and image provenance.
• Cloud-native security certifications (AWS Security Specialist / GCP Professional).

Culture & Benefits

• 33 days holiday including public holidays, with an extra day for your birthday and increased leave with length of service.
• Salary sacrifice, company enhanced pension scheme, life insurance (4x salary), and group income protection.
• Private Medical Insurance with VitalityHealth, including mental health support and cancer care, plus partner discounts.
• Generous family-friendly policies and a refer-a-friend scheme.
• Perkbox membership offering retail discounts, a wellness platform, and weekly perks.
• Access to initiatives like Cycle to Work and Electric Vehicle (EV) leasing.