Cloud Security Engineer

Ensono · Bengaluru, India
Full-time · On-site · Posted 2 days ago
Tags: Application Security, AWS, CI/CD, Cloud Security, Compliance, DevSecOps

About the role

We are looking for a hands-on DevSecOps Engineer to own our end-to-end vulnerability management process and drive security across our cloud-native platform. This is a technical, ownership-heavy role sitting at the intersection of security engineering and platform engineering. You will be responsible for identifying, triaging, remediating, and reporting on vulnerabilities across our application stack, container images, and cloud infrastructure. You will work closely with our Compliance Manager to ensure our security posture meets compliance requirements and that risk is understood, documented, and managed appropriately. This is not a monitoring-only role. We expect you to roll up your sleeves, open pull requests, fix Dockerfiles, bump package versions, modify CI/CD pipelines, and own the fix through to deployment and verification.

Responsibilities

Vulnerability Management

  • Own the end-to-end vulnerability management lifecycle - discovery, triage, prioritisation, remediation, tracking, and closure
  • Manage and maintain the vulnerability backlog, ensuring SLAs are tracked and met
  • Triage findings from automated scanning tools and apply contextual risk judgement - not every critical CVE is equally critical in every context
  • Produce regular vulnerability reports and risk dashboards for internal stakeholders and the Compliance Manager
  • Document risk acceptance decisions, mitigating controls, and remediation timelines

Vulnerability Remediation

  • Remediate vulnerabilities directly - bumping dependency versions in package manifests (npm, pip, Maven, Go modules etc.), updating base images, fixing misconfigurations
  • Update and harden Dockerfiles - base image selection, multi-stage builds, non-root users, minimal attack surface
  • Work within our Git-based workflow - raise PRs, participate in code review, deploy and verify your own fixes end to end

Container & Application Security

  • Integrate and maintain container image scanning in CI/CD pipelines (Trivy, Snyk, Grype or equivalent)
  • Integrate Software Composition Analysis (SCA) and Static Application Security Testing (SAST) tooling into pipelines
  • Define and enforce quality gates that prevent vulnerable or non-compliant images from reaching production
  • Identify vulnerable third-party dependencies and work through remediation with engineering teams

Kubernetes & AWS EKS Security

  • Harden and maintain the security configuration of our AWS EKS clusters
  • Implement and maintain Kubernetes RBAC, Pod Security Standards, Network Policies, and admission controls
  • Manage secrets securely - AWS Secrets Manager, External Secrets Operator, or equivalent
  • Ensure IAM roles for service accounts (IRSA) are correctly scoped and maintained
  • Monitor and respond to runtime security events using tooling such as Falco

Cloud Infrastructure Security

  • Maintain and improve AWS security posture across the platform
  • Work with AWS-native security tooling - Security Hub, GuardDuty, Inspector, IAM Access Analyzer
  • Identify and remediate misconfigurations in Infrastructure as Code (Terraform, Helm)
  • Apply least-privilege principles consistently across IAM, service accounts, and workload identities

CI/CD Pipeline Security

  • Own and evolve the security gates within our CI/CD pipelines
  • Implement automated scanning for containers, dependencies, IaC, and secrets
  • Ensure pipelines enforce policy as code - fail fast on critical findings
  • Be comfortable modifying pipeline configuration (GitHub Actions, GitLab CI or equivalent) to introduce or improve security controls

Compliance & Risk

  • Work alongside the Compliance Manager to translate technical vulnerability findings into compliance-relevant language and evidence
  • Produce and maintain risk assessments for identified vulnerabilities and infrastructure risks
  • Contribute to audit evidence collection and compliance reporting cycles
  • Support the maintenance of security policies and standards documentation

Requirements

Essential Skills & Experience

  • 4+ years of experience in a DevSecOps, Cloud Security, or Security-focused SRE role
  • Demonstrable hands-on experience with vulnerability management - not just tooling but owning the full lifecycle
  • Strong experience with container security - image scanning, Dockerfile hardening, base image management
  • Real-world AWS EKS and Kubernetes security experience - RBAC, Network Policies, Pod Security Standards, admission controllers, IRSA
  • Confident working with AWS security services - Security Hub, GuardDuty, Inspector, IAM, KMS, ECR
  • Experience integrating security tooling into CI/CD pipelines and defining security quality gates
  • Ability to make direct code and configuration changes - comfortable opening PRs to fix dependency versions, Dockerfiles, and IaC
  • Understanding of CVSS scoring, exploitability context, and risk-based prioritisation
  • Experience writing or contributing to risk assessments and risk acceptance documentation
  • Strong co

Additional Information

DevSecOps Engineer
