Senior Cyber Security Engineer (AWS)

TL;DR

Senior Cyber Security Engineer (AWS): Maturing application and cloud security across a cloud-native, AWS-hosted technology estate with an accent on developer-friendly guardrails and vulnerability management. Focus on optimizing CI/CD pipelines, conducting practical threat-modelling sessions, and building automation to reduce operational toil.

Location: London

Company

A world-leading news organization recognized for its authority, integrity, and accuracy in delivering quality information worldwide.

What you will do

• Balance efforts 50/50 between application security and cloud security across an AWS-hosted estate.
• Develop and tune developer-friendly guardrails for SAST, software composition analysis, secret scanning, and IaC scanning within GitHub CI/CD pipelines.
• Facilitate practical, lightweight threat-modelling sessions for new products and architectural changes.
• Manage and prioritize vulnerability remediation across engineering teams, including bug bounty and penetration test findings.
• Build automation tools and scripts, primarily in Python, to reduce manual effort and increase risk visibility.
• Mentor other security engineers and provide expert input into secure architecture and AWS design reviews.

Requirements

• Strong practical experience in both application and cloud security, specifically within AWS cloud-native environments.
• Proven track record of implementing vulnerability management and IaC misconfiguration controls at scale.
• Hands-on experience integrating and tuning security tooling within CI/CD workflows.
• Ability to write Python scripts to automate security workflows.
• Experience running threat-modelling sessions that lead to concrete engineering decisions.
• Strong communication skills to influence technical leaders without relying on gatekeeping.

Nice to have

• Experience leveraging AI to improve AppSec and CloudSec controls.
• AWS Certified Security – Specialty certification.
• Expertise in Terraform or CloudFormation.
• Experience with Splunk or similar SIEM platforms.
• Incident management or incident response experience.

Culture & Benefits

• Warm, collaborative culture that rewards ambitious thinking and curiosity.
• Strong commitment to Diversity, Equity, and Inclusion, aiming to remove barriers for underrepresented groups.
• Disability confident employer and Valuable 500 signatory.
• Opportunities for continuous growth and career development with no fixed path.