Requirements
- Application and cloud security experience: practical experience across both application security and cloud security, ideally in AWS-hosted, cloud-native environments
- Developer-friendly security mindset: you know how to work with engineers, explain risk clearly and design controls that help teams move securely without unnecessary friction
- Vulnerability management at scale: experience improving how application vulnerabilities, dependency risks, bug bounty findings, penetration test findings and advisories are identified, prioritised, owned and remediated across engineering teams
- Cloud misconfiguration & vulnerability management: experience identifying and reducing infrastructure-as-code and AWS vulnerabilities & misconfigurations at scale through pragmatic guardrails, tooling and clear remediation paths
- Threat modelling: confidence running lightweight, practical threat-modelling sessions that lead to useful engineering decisions and risk reduction
- CI/CD and code security: hands-on experience with security tooling such as SAST, software composition analysis, secret scanning and IaC scanning
- Automation mindset: ability to write scripts or small tools, ideally in Python, to reduce toil, improve visibility and surface meaningful risk
- Security leadership: ability to mentor other security engineers and influence engineers across the wider organisation, potentially including line management
- AI security awareness: experience of leveraging AI to improve and scale appsec and cloud sec controls would be useful, but is not essential
- Strong practical experience in application security and cloud security, ideally with a balanced focus across both
- Hands‑on AWS security experience, including common misconfiguration patterns and practical remediation approaches
- Experience improving vulnerability management across engineering teams, including prioritisation, ownership, remediation tracking and noise reduction
- Experience in improving cloud or IaC misconfiguration management at scale in a developer-friendly way
- Experience integrating, tuning or improving security tooling in CI/CD workflows, such as SAST, software composition analysis, secret scanning or IaC scanning
- Experience running practical threat-modelling sessions that influence design, delivery or remediation decisions
- Ability to write scripts or small tools, ideally in Python, to automate security workflows or improve visibility
- Strong communication and collaboration skills, with the ability to influence engineers and technical leaders without relying on gatekeeping
- Evidence of improving application security, cloud security or vulnerability management practices in a real engineering environment
- Familiarity with Agile or Scrum ways of working
- (Desirable) Experience with leveraging AI for AppSec and CloudSec
- (Desirable) AWS Certified Security – Specialty or equivalent practical AWS security experience
- (Desirable) Terraform or CloudFormation expertise
- (Desirable) Incident-management or incident-response experience
- (Desirable) Experience with Splunk or similar logging/SIEM platforms
- (Desirable) Experience with security metrics, dashboards or reporting that helped drive measurable risk reduction
- (Desirable) Experience mentoring or line-managing security engineers
What the job involves
- We’re looking for a Senior Cyber Security Engineer to help mature application and cloud security across the FT’s cloud-native, AWS-hosted technology estate
- This role has an approximate 50/50 focus across application security and cloud security, working closely with product, platform and engineering teams to make secure delivery easier by default
- You’ll shape and improve developer-friendly guardrails across GitHub-based CI/CD pipelines, AWS environments and infrastructure-as-code workflows
- This includes improving SAST, software composition analysis, secret scanning, IaC scanning, vulnerability management and AWS misconfiguration management so that findings are actionable, low-noise and owned by the right teams
- Day to day, you’ll run practical threat-modelling sessions, review application and cloud designs, improve security playbooks, support vulnerability and misconfiguration remediation, and build automation that reduces toil
- We’re looking for someone who has demonstrably improved security outcomes in real engineering environments, not just someone with theoretical knowledge of tools or frameworks
- Depending on team structure, you may also mentor or line-manage one or two security engineers, while remaining hands‑on and close to the technical work
- Tune and evolve SAST, software composition analysis, secret scanning and related controls so they are actionable, low-noise and useful to engineering teams
- Help identify, prioritise and reduce AWS and infrastructure-as-code misconfigurations and vulnerabilities at scale
- Improve how application vulnerabilities, dependency risks, bug bounty findings, penetration test findings and third‑party advisories are triaged, prioritised and remediated
- Help teams understand, own and remediate cloud security issues using pragmatic, developer-friendly workflows
- Facilitate lightweight threat-modelling sessions for new products, features, services and architectural changes
- Create or improve scripts, integrations, dashboards and workflows that reduce manual effort and make risk easier to understand
- Provide application and cloud security input into design reviews, AWS architecture decisions and larger technical changes
- Work closely with product, platform and software engineering teams to embed security into design, delivery and operational practices
- Provide application and cloud security expertise during incidents and feed lessons learned back into patterns, tooling and guidance
- Coach security engineers and engineering teams on practical security approaches. Depending on team structure, this may include line management of one or two security engineers
