Senior Cloud Security Engineer

Company: HealthHero
Apply for the Senior Cloud Security Engineer
Location: London
Job Description:

Responsibilities

  • This role will form a fundamental part of a growing Platform Security function, where the team covers application security, cloud security, security operations, culture and risk management.
  • As a tech‑centric organisation the Information Security team will play a critical part in embedding a security‑first mindset into application development and continuous application monitoring.
  • This role will co‑own the cloud security posture and tooling across HealthHero’s AWS and Azure estates and have the opportunity to tackle cloud security with an international scope.
  • The role will be supported by a multidisciplinary force of Infrastructure, Data Governance and Engineering team leads with a security focus as part of their remit.
  • The role has a focus on infrastructure and cloud networking when it comes to security posture.

DevSecOps & SDLC

  • Champion integration of security testing into CI/CD pipelines across all development teams and usage of automated security gates: SAST, DAST, dependency scanning, secrets detection.
  • Enable self‑serve security tooling for development teams.
  • Ability to set up development environment.

Cloud Security

  • Own cloud security posture management using Wiz (or similar CSPM). Define and enforce cloud security baselines, guardrails, and policies in AWS.
  • Implement and maintain IaC security scanning for Terraform.
  • Manage IAM policies, network segmentation, and secrets management.
  • Configure and tune SIEM (or similar) for cloud‑focused detection.
  • Establish logging, monitoring, and alerting requirements based on threat modelling.
  • Investigate and respond to cloud security events.

Risk & Compliance

  • Identify, articulate, and elevate security risks to senior leadership with mitigation plans.
  • Track and remediate vulnerabilities across infrastructure.
  • Manage customer initiatives related to due diligence when required.
  • Support and develop an annual programme of penetration testing and associated remediations.

Stakeholder Engagement

  • Partner with internal stakeholders to support any requirements from the security function – particularly governance and accreditation requirements across different countries.
  • Provide expertise on emerging threats and vulnerabilities.
  • Support response to customer/client due diligence requests with timely and accurate information regarding vulnerability exposure.

Qualifications

  • Understanding of secure coding, penetration testing techniques, SIEM, and vulnerability management.
  • Proven experience in application security, DevSecOps, or cloud security.
  • Experience securing cloud environments (AWS, Azure).
  • Understanding and practical experience of ISO27001:2022 controls and audit processes.
  • Ability to read and write IAC (Terraform) code, comfortable with IAC lifecycles.
  • Strong understanding of cloud networking.
  • Understanding of managing Secure Development Lifecycle and Vulnerability Management.
  • Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, network security and risk analysis.
  • Familiarity with container security and Kubernetes.
  • Experience in regulated environments (healthcare, financial services).
  • AWS Security Specialty or similar certification.
  • Familiarity with NHS DSPT.
  • Technical knowledge of GDPR and data protection requirements.
  • Hands‑on with CI/CD security tooling and pipeline integration.
  • Interest in learning other countries’ health and security regulations (France, UK, IR, DE).

#J-18808-Ljbffr…

Posted: July 4th, 2026