Senior Security Engineer - Cloud Infrastructure

Senior Security Engineer - Cloud Infrastructure

Hybrid (4 days in office) in London

Ebury is investing significantly in its cloud infrastructure security capabilities to ensure the trust and safety of our global financial services. As a Senior Security Engineer specialising in Cloud Infrastructure, you will own and evolve the security posture of our cloud environments across AWS and GCP, with a focus on network security, perimeter defence, and attack surface management.

This hands-on role requires deep expertise in cloud-native security controls, network architecture, and defensive security operations. You will design, implement, and maintain security infrastructure that proactively detects and mitigates threats before they impact our business. You will work closely with platform, infrastructure, and security operations teams, embedding security best practices into our cloud foundations.

Key Responsibilities

• Own cloud security posture and attack surface management: Maintain comprehensive visibility and control across AWS and GCP environments. Implement cloud-native security monitoring, detection, and alerting to proactively identify and mitigate threats before they impact customers or the business. Define and enforce security baselines using policy-as-code.
• Design and maintain web application firewall infrastructure: Own WAF configurations across AWS and GCP, developing and tuning detection rules aligned with application threat models and emerging attack patterns. Establish operational processes for rule lifecycle management and incident response integration, collaborating with application teams to implement protections without impacting availability.
• Architect network segmentation and isolation: Design and implement network security strategies ensuring proper separation between development, staging, and production environments. Define consistent patterns across multi-cloud infrastructure, applying zero-trust principles to workload communication and documenting reference architectures for engineering teams.
• Deliver modern secure remote access: Architect and implement a scalable remote access solution to meet current network security and environment isolation requirements. Design identity-aware access controls for infrastructure and cloud resources, ensuring solutions satisfy compliance and audit requirements for regulated financial services.
• Drive security automation and DevSecOps adoption: Implement Infrastructure as Code for security controls using Terraform and cloud-native tools. Build automated compliance checking, policy enforcement pipelines, and security tooling that improves detection and response capabilities across infrastructure deployments.
• Improve team capabilities and cross-functional collaboration: Partner with platform and infrastructure teams to embed security into cloud foundations. Provide technical guidance on network and cloud security best practices, contribute to incident response, and actively share security learnings to elevate engineering capabilities.

About you:

• You understand cloud infrastructure security end-to-end, applying frameworks (CIS Benchmarks, NIST CSF, ISO 27001) within a regulated context.
• You think holistically about defence-in-depth, from network perimeter to workload protection.
• You effectively engage with platform, infrastructure, and engineering teams, clearly explaining the 'why' and impact of security controls.
• You advocate for security-as-code and automation, reducing manual processes and improving consistency.
• You promote a collaborative culture, share knowledge openly, and optimise your contributions for predictable delivery

Experience and Qualifications

Required

• 5+ years in security or infrastructure engineering with deep expertise in cloud security, ideally within FinTech, banking, or a similar regulated industry.
• Expert-level experience with AWS and/or GCP security services, including VPCs, security groups, IAM, and cloud-native security tools.
• Proven track record designing and implementing WAF solutions (AWS WAF, Cloud Armor, or similar) with custom detection rules.
• Strong experience designing network architectures with proper segmentation and isolation patterns.
• Extensive experience with Infrastructure as Code (Terraform preferred) and GitOps practices.
• Proficiency in scripting and automation (Python, Bash, or similar).
• Solid understanding of network security fundamentals: firewalls, routing, DNS, TLS, VPNs.
• Experience implementing or operating SIEM, logging, and security monitoring solutions

Desired

• Experience with zero-trust network architectures and identity-aware access solutions.
• Knowledge of container security and Kubernetes network policies.
• Experience with security orchestration and automated response (SOAR).
• Familiarity with compliance requirements for financial services (PSD2, GDPR, PCI-DSS).
• Relevant certifications (AWS/GCP Security Specialty, CCSP, or similar).
• Experience migrating from legacy VPN solutions to modern alternatives (e.g., ZTNA, SDP)

What We Offer:

• Opportunity to define cloud security architecture at a leading fintech.
• High-impact role with significant technical influence across the organisation.
• Investment in professional development and growth.
• Competitive base salary and discretionary performance bonus.
• Annual conference and training budget.
• Inclusive, collaborative culture with a diverse global team

Application Requirements:

• Authorisation to work in the UK.
• Clean background check and regulatory screening.
• Professional references available upon request

If this sounds like you, please apply below!

Feel free to connect with me on LinkedIn - Freddie Mugridge

#LI- FM2

#LI-HYBRID