Your new company
Be a part of a government linked project, engaging with exciting new technologies.
Your new role
Security Architecture
- Contribute to the design and implementation of centralised cloud security capabilities for systems under the CISO's remit
- Design secure system architectures in line with best practices, and lead proofofvalue (POV) initiatives
- Lead threat modelling exercises and propose risk mitigation strategies
- Review Vulnerability Management and Penetration Testing findings, triage and translate results into actionable remediation plans
- Provide handson configuration for AWS security services such as KMS, certificate management, and IAM
- Work with infra/platform teams to define how logs and security telemetry from AWS workloads are collected, normalised, and made available to central tooling (e.g. security analytics or observability platforms)
Security Engineering with Product Team
- Act as the security engineer embedded within the product teams, for systems under the Product Office
- Review and provide clear and actionable guidance on cloud solution and infrastructure designs, including but not limited to:
- Account and landing zone patterns
- VPC and network segmentation
- Identity and access management (IAM)
- Data protection, logging, monitoring, and workload security
- Recommend and design fitforpurpose security controls that balance protection, usability, and delivery speed
- Work closely with product and platform teams to embed securitybydesign into architectures, CI/CD pipelines, and daytoday engineering practices
- Improve security posture on existing systems such as:
- Identifying control gaps via automated checks and design reviews
- Prioritising and implementing remediation actions
- Implementing improvements in a sustainable way
- Perform simple, scoped penetration testing activities to validate key security controls and surface potential weaknesses, complementing automated checks and design reviews
- Define and implement automated checks to validate that key cloud controls are in place and effective, for example via:
- Infrastructureascode scanning
- Cloud configuration and posture management tools
- Automated policy checks in CI/CD pipelines
- Translate control requirements into controls as code, collaborating with engineering teams to implement them (e.g. Terraform modules, guardrails, or policyascode)
- Continuously refine automated checks to address emerging threats, incident learnings, and evolving GovTech requirements
- Partner closely with infra/platform teams and product teams to codesign secure patterns, resolve design tradeoffs, and ensure secure adoption of cloud services
- Communicate complex cloud security topics in clear, outcomefocused language tailored to engineers, architects, and nontechnical stakeholders
- Provide regular, concise updates to the CISO on key risks, residual issues, and progress on control uplift across systems under the CISO's remit
What you need
. Experience: 5+years in cloud platform or cloud security engineering, with strong securityexposure and handson cloud project work (design, implementation,troubleshooting)
. Cloud security& IaC skills: Strong proficiency in Cloud (networking, IAM, KMS/BYOK,logging/telemetry, containers/serverless, CI/CD) and IaC tools to design,implement, and automate cloud security controls
. Controls &automation: Familiar with automated control validation (e.g. cloud posturechecks, IaC scanning, pipelineintegrated checks) and expressing controls ascode together with infra/platform and product teams
. Qualifications& attributes: Cloud Solution Architect and/or Cloud Security certificationsstrongly preferred pragmatic, outcomefocused individual contributor,comfortable embedded with engineering teams while reporting directly to theCISO
What you need to do now
If you're interested in this role, click apply now toforward an up-to-date copy of your CV, call or whatsapp Eric at Hays on +6586789212 or email [Confidential Information] for a confidential discussion.
Referrals are welcome.
EA Reg Number: R26160884
EA License Number: 07C3924 | Company Registration No:200609504D
