Senior Cloud Security Engineer

Technology is our how. And people are our why. For over two decades, we have been harnessing technology to drive meaningful change.

By combining world-class engineering, industry expertise and a people-centric mindset, we consult and partner with leading brands from various industries to create dynamic platforms and intelligent digital experiences that drive innovation and transform businesses.

From prototype to real-world impact - be part of a global shift by doing work that matters.

Endava is seeking a skilled and hands‑on Senior Cloud Security Engineer. This role is responsible for defining, governing, and continuously improving secure cloud architectures and controls across IaaS, PaaS, and SaaS environments for enterprise clients.

The Cloud Security Engineer will design and embed secure-by-design patterns, guardrails, and posture management capabilities that protect critical systems and data while enabling scalable, cloud‑first delivery. The role requires close collaboration with Cloud Operations, DevOps, and Product Engineering teams to ensure that security controls are automated, measurable, and aligned to modern engineering practices.

As a subject matter expert, you will play a key role in strengthening clients’ cloud security maturity, supporting incident response activities, and integrating security into DevSecOps pipelines and platform engineering models.

Responsibilities:

• 
  
• Define and maintain cloud security policies, standards, reference architectures, and baseline control frameworks across AWS, Azure, and/or GCP environments.
  
• Design secure cloud landing zones, including IAM models, network segmentation, encryption standards, key management, and secrets management.
  
• Implement and govern Cloud Security Posture Management (CSPM) capabilities, including risk‑based remediation workflows and exception handling.
  
• Partner with Cloud Operations and Platform Engineering teams to embed policy‑as‑code, automated guardrails, and infrastructure‑as‑code security controls.
  
• Standardize logging and monitoring requirements to ensure effective threat detection, investigation, and response across cloud platforms.
  
• Conduct security architecture reviews for new cloud services and major platform changes.
  
• Support cloud‑related incident response activities, including root cause analysis and containment strategies.
  
• Contribute to secure development enablement by providing reusable security blueprints, patterns, and anti‑pattern guidance.
  
• Collaborate with Cyber Defence/SOC teams to ensure cloud telemetry is integrated into SIEM and detection engineering workflows.
  
• Support third‑party SaaS risk assessments and multi‑cloud security risk evaluations where required.
  

Experience:

• 
  
• Minimum 8–10 years of experience in IT, with at least 5 years in cloud security, cyber engineering, or cloud architecture roles.
  
• Proven hands‑on experience securing cloud environments using native controls (IAM, networking, encryption, logging, and monitoring).
  
• Experience implementing and operating Cloud Security Posture Management (CSPM) tools and remediation programs.
  
• Demonstrated ability to work with Cloud Operations and DevOps teams to operationalize security controls within delivery pipelines.
  
• Experience designing secure landing zones and enterprise‑scale cloud governance frameworks.
  
• Strong understanding of shared responsibility models across major cloud providers.
  
• Relevant certifications such as AWS Security Specialty, CCSP, Azure Security Engineer Associate, or equivalent are desirable.
  

Technical Skills:

• 
  
• Deep expertise in at least one major cloud platform (AWS, Azure, or GCP); multi‑cloud exposure preferred.
  
• Strong knowledge of:
  
  • 
    
  • Identity and Access Management (IAM) design
    
  • Network security architecture (segmentation, private connectivity, zero trust principles)
    
  • Data protection (encryption at rest/in transit, KMS, secrets management)
    
  • Secure cloud logging and monitoring patterns
    
  
  
• Experience with CSPM platforms such as Prisma Cloud, CrowdStrike CSPM, Defender for Cloud, or similar.
  
• Familiarity with Infrastructure-as-Code (Terraform, ARM, CloudFormation) and policy‑as‑code approaches.
  
• Experience integrating cloud telemetry into SIEM platforms and supporting SOC operations.
  
• Working knowledge of DevSecOps tooling and CI/CD security integration.
  
• Understanding of resilience, availability, and secure architecture design principles.
  

Discover some of the global benefits that empower our people to become the best version of themselves:

• 
  
• Finance: Competitive salary package, share plan, company performance bonuses, value‑based recognition awards, referral bonus;
  
• Career Development: Career coaching, global career opportunities, non‑linear career paths, internal development programmes for management and technical leadership;
  
• Learning Opportunities: Complex projects, rotations, internal tech communities, training, certifications, coaching, online learning platforms subscriptions, pass‑it‑on sessions, workshops, conferences;
  
• Work-Life Balance: Hybrid work and flexible working hours, employee assistance programme;
  
• Health: Global internal wellbeing programme, access to wellbeing apps;
  
• Community: Global internal tech communities, hobby clubs and interest groups, inclusion and diversity programmes, events and celebrations.
  

At Endava, we’re committed to creating an open, inclusive, and respectful environment where everyone feels safe, valued, and empowered to be their best. We welcome applications from people of all backgrounds, experiences, and perspectives—because we know that inclusive teams help us deliver smarter, more innovative solutions for our customers. Hiring decisions are based on merit, skills, qualifications, and potential. xcfaprz If you need adjustments or support during the recruitment process, please let us know.