Cloud Security Engineer
Job Summary
DevSecOps Engineer
About the Role
We are looking for a hands-on DevSecOps Engineer to own our end-to-end vulnerability management
process and drive security across our cloud-native platform. This is a technical ownership-heavy role
sitting at the intersection of security engineering and platform engineering.
You will be responsible for identifying triaging remediating and reporting on vulnerabilities across our
application stack container images and cloud infrastructure. You will work closely with our Compliance
Manager to ensure our security posture meets compliance requirements and that risk is understood
documented and managed appropriately.
This is not a monitoring-only role. We expect you to roll up your sleeves open pull requests fix Dockerfiles
bump package versions modify CI/CD pipelines and own the fix through to deployment and verification.
What You Will Be Doing
Vulnerability Management
Own the end-to-end vulnerability management lifecycle discovery triage prioritisation remediation
tracking and closure
Manage and maintain the vulnerability backlog ensuring SLAs are tracked and met
Triage findings from automated scanning tools and apply contextual risk judgement not every critical
CVE is equally critical in every context
Produce regular vulnerability reports and risk dashboards for internal stakeholders and the
Compliance Manager
Document risk acceptance decisions mitigating controls and remediation timelines
Vulnerability Remediation
Remediate vulnerabilities directly bumping dependency versions in package manifests (npm pip
Maven Go modules etc.) updating base images fixing misconfigurations
Update and harden Dockerfiles base image selection multi-stage builds non-root users minimal
attack surface
Work within our Git-based workflow raise PRs participate in code review deploy and verify your own
fixes end to end
1
Container & Application Security
Integrate and maintain container image scanning in CI/CD pipelines (Trivy Snyk Grype or equivalent)
Integrate Software Composition Analysis (SCA) and Static Application Security Testing (SAST) tooling into
pipelines
Define and enforce quality gates that prevent vulnerable or non-compliant images from reaching
production
Identify vulnerable third-party dependencies and work through remediation with engineering teams
Kubernetes & AWS EKS Security
Harden and maintain the security configuration of our AWS EKS clusters
Implement and maintain Kubernetes RBAC Pod Security Standards Network Policies and admission
controls
Manage secrets securely AWS Secrets Manager External Secrets Operator or equivalent
Ensure IAM roles for service accounts (IRSA) are correctly scoped and maintained
Monitor and respond to runtime security events using tooling such as Falco
Cloud Infrastructure Security
Maintain and improve AWS security posture across the platform
Work with AWS-native security tooling Security Hub GuardDuty Inspector IAM Access Analyzer
Identify and remediate misconfigurations in Infrastructure as Code (Terraform Helm)
Apply least-privilege principles consistently across IAM service accounts and workload identities
CI/CD Pipeline Security
Own and evolve the security gates within our CI/CD pipelines
Implement automated scanning for containers dependencies IaC and secrets
Ensure pipelines enforce policy as code fail fast on critical findings
Be comfortable modifying pipeline configuration (GitHub Actions GitLab CI or equivalent) to introduce
or improve security controls
Compliance & Risk
Work alongside the Compliance Manager to translate technical vulnerability findings into compliancerelevant language and evidence
Produce and maintain risk assessments for identified vulnerabilities and infrastructure risks
Contribute to audit evidence collection and compliance reporting cycles
Support the maintenance of security policies and standards documentation
2
What We Are Looking For
Essential Skills & Experience
4 years of experience in a DevSecOps Cloud Security or Security-focused SRE role
Demonstrable hands-on experience with vulnerability management not just tooling but owning
the full lifecycle
Strong experience with container security image scanning Dockerfile hardening base image
management
Real-world AWS EKS and Kubernetes security experience RBAC Network Policies Pod Security
Standards admission controllers IRSA
Confident working with AWS security services Security Hub GuardDuty Inspector IAM KMS ECR
Experience integrating security tooling into CI/CD pipelines and defining security quality gates
Ability to make direct code and configuration changes comfortable opening PRs to fix dependency
versions Dockerfiles and IaC
Understanding of CVSS scoring exploitability context and risk-based prioritisation
Experience writing or contributing to risk assessments and risk acceptance documentation
Strong communication skills able to translate technical findings for a compliance or non-technical
audience
Desirable Skills & Experience
Experience with Kubernetes policy engines Kyverno OPA/Gatekeeper
Experience with runtime security tooling such as Falco
Familiarity with GRC or compliance platforms Drata Vanta or similar
Experience with secrets management tooling External Secrets Operator HashiCorp Vault AWS
Secrets Manager
AWS certifications Security Specialty Solutions Architect or equivalent
Exposure to compliance frameworks SOC 2 ISO 27001 CIS Benchmarks
Technologies You Will Work With
Area Tools / Technologies
Vulnerability Scanning Trivy Snyk Grype AWS Inspector Dependabot
SAST / SCA Snyk Code Semgrep Checkov KICS
3
Area Tools / Technologies
Kubernetes Security Falco Kyverno OPA/Gatekeeper kube-bench
AWS Security Security Hub GuardDuty IAM Access Analyzer KMS ECR
CI/CD GitHub Actions GitLab CI ArgoCD or Flux
Infrastructure as Code Terraform Helm
Secrets Management AWS Secrets Manager External Secrets Operator
Ticketing / Reporting Jira and a GRC platform
What We Offer
A genuinely ownership-heavy role you will drive security decisions not just implement them
Close collaboration with engineering platform and compliance teams
A modern cloud-native stack built on AWS EKS
A culture that treats security as an engineering problem not a checkbox
Competitive salary and benefits package
Add your specific benefits here
How to Apply
We are an equal opportunities employer and welcome applications from all backgrounds
Required Experience:
IC
About Company
Make your business goals a reality with Ensono's decades of hybrid IT experience and continuous innovation.