Cloud Security Engineer (GDC, Identity & Access, Encryption) – SC Eligible – Government ProjectsByDesign Secure • London, England, United Kingdom
Cloud Security Engineer (GDC, Identity & Access, Encryption) – SC Eligible – Government Projects
ByDesign Secure
- London, England, United Kingdom
- London, England, United Kingdom
Über
Opening: Join the Mission
At ByDesign Secure, we believe that world-class security shouldn't be an afterthought—it should be the foundation. We are an independent, outputs-based consultancy dedicated to solving the most complex data assurance challenges in the UK public sector. Currently, we working on a landmark transformation of a cross-government secure IT system. This is an exciting opportunity to help architect a private cloud environment from the ground up and modernize the end-user services that power national decision-making. We don't believe in "billing by the hour" or rigid hierarchies; we are a lean, expert team focused on delivering high-impact technical outcomes. If you are a self-starter who thrives on autonomy and wants to see your engineering or architectural decisions shape the future of sovereign security, we want to talk to you.
About the Opportunity
* We are seeking a skilled Cloud Security Engineer to design and implement secure workloads within a Google Distributed Cloud (GDC) environment.
* This role is ideal for a security professional with a strong GCP background (Other CSP experience also considered) and an active Professional Cloud Security Engineer certification, as these competencies are directly transferable to managing security in air-gapped or edge configurations.
* You will be responsible for ensuring security, rigour, and compliance within mission-critical government secure delivery.
What You’ll Be Doing
* Identity & Access Management: Designing and managing complex identity architectures, including single sign-on (SSO) integration, multi-factor authentication (MFA), and the automated lifecycle management of privileged user accounts.
* Authorisation & Resource Hierarchy: Defining granular resource hierarchies and implementing the principle of least privilege using advanced identity policies, conditions, and organizational constraints.
* Boundary & Perimeter Protection: Configuring robust network defences, including next-generation firewalls, web application firewalls (WAF), and secure service perimeters to isolate sensitive workloads.
* Data Protection & Encryption: Implementing discovery and redaction services for sensitive data (PII) and managing full-lifecycle encryption through hardware or software-based key management systems.
* Securing the Software Supply Chain: Automating vulnerability scanning and policy enforcement within continuous integration and delivery (CI/CD) pipelines to ensure only authorised code is deployed.
What You’ll Bring
* Demonstrable experience as a practicing Security Engineer, with the ability to transition cloud-native security best practices to a distributed/edge platform.
* Deep proficiency in configuring network security defences, threat monitoring, and regulatory compliance controls.
Bonus Points For
* Current, non-expired Professional Cloud Security Engineer certification.
* Experience operating within or alongside classified UK Government secure environments (e.g., SECRET or above).
* Familiarity with GDS Service Standards or equivalent public sector delivery frameworks.
* Experience working in air-gapped or disconnected environments with little or no internet connectivity
Clearance Requirements:
* *This role requires either an existing Security Clearance (SC level) or for one to be passed before commencement. There must be a willingness to undergo Developed Vetting (DV). *
Work Location: Hybrid remote in London SW1A
Job Types: Temporary, Fixed term contract
Contract length: 12 months
Pay: £650.00 per day
Application question(s):
* Do you have experience implementing Identity and Access Management (IAM) and least privilege hierarchies in a cloud environment?
* Have you managed encryption keys (CMEK/EKM) or Sensitive Data Protection (SDP) within a secure or air-gapped environment?
* Do you have the permanent right to work in the UK?
* Do you currently hold active UK SC clearance?
* Are you eligible and willing to undergo UK SC clearance for this role? (Applications without this cannot be considered)
* Does your delivery approach allow for on-site presence in London (SW1A) when required (typically around 2 days per week)?
Work Location: Hybrid remote in London SW1A
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klick auf „Jetzt Bewerben”, um deine Bewerbung direkt auf deren Website einzureichen.