Senior Cloud Security Engineer

Trainline
London
2 days ago
Create job alert

About us:

We are champions of rail, inspired to build a greener, more sustainable future of travel. Trainline enables millions of travellers to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website, and B2B partner channels.

Great journeys start with Trainline

Now Europe's number 1 downloaded rail app, with over 125 million monthly visits and £5.9 billion in annual ticket sales, we collaborate with 270+ rail and coach companies in over 40 countries. We want to create a world where travel is as simple, seamless, and affordable as it should be.

Today, we're a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across London, Paris, Barcelona, Milan, Edinburgh and Madrid. With our focus on growth in the UK and Europe, now is the perfect time to join us on this high-speed journey.

Introducing the Trainline Security Team

Join our dynamic team, where we focus on designing, implementing, and monitoring security controls to ensure a robust security posture in a fast-evolving environment. As part of our mission to continuously improve and mature Trainline's security capabilities, we work in close collaboration with cross functional teams, including Cloud Engineering, SRE, Platform Engineering, and more, to integrate the latest technologies and best practices into our security strategy.

You will play a critical role in safeguarding all digital channels that collectively generate billions of pounds in annual ticket sales, ensuring that our systems remain secure, resilient, and innovative in the face of evolving threats.

As a Senior Cloud Security Engineer at Trainline, you will be responsible for...

  • Cloud Security Architecture & Design: Support the design, implementation, and maintenance of robust security frameworks and controls to protect cloud infrastructure in our AWS environment. Ensure that security is seamlessly integrated into every layer of the cloud architecture, from network configuration to identity management.
  • Container & Orchestration Security: Partner with Cloud Engineering, DevOps, and Platform teams while being a key stakeholder in the architecture and implement secure containerised environments using platforms like Docker, and ECS. Focus on vulnerability mitigation, compliance automation, and secure orchestration practices to ensure container workloads are resilient and meet organisational security requirements.
  • Security Policy Development & Enforcement: Develop, document, and enforce comprehensive cloud security policies, standards, and procedures that govern cloud infrastructure, services, and containerised workloads. Drive compliance initiatives for security frameworks such as CIS Benchmarks, NIST, and SOC2, ensuring policies are consistently applied across the organization.
  • Cloud Migration & Native Infrastructure Support: Provide expert guidance and hands on support to teams migrating workloads and applications to cloud-native infrastructure, ensuring security considerations are fully addressed throughout the migration lifecycle. Assist in the adoption of best practices for securing cloud-native architectures
  • Security Integration into SDLC & CI/CD Pipelines: Collaborate with Development, Platform, and QA teams to integrate security best practices into the software development lifecycle (SDLC) and CI/CD pipelines. Ensure security is prioritised through automation tools, security testing, and vulnerability scanning as part of the continuous delivery process.
  • Security Assessments & Incident Response: Conduct security assessments, vulnerability scans and risk analyses to identify and address potential security weaknesses within cloud environments. Support the security operations team in incident response efforts related to cloud security incidents, ensuring timely detection, containment, and remediation.
  • Staying Current on Threat Intelligence & Industry Trends: Continuously research and stay up to date on emerging threats, vulnerabilities, and security trends within cloud infrastructure, container security, and DevSecOps practices. Regularly evaluate new security tools, frameworks, and technologies to enhance the organisation's cloud security posture.
  • Security Training & Mentorship: Provide ongoing cloud security training, guidance, and mentorship to Engineering and Platform teams, fostering a security-first culture within the organisation. Ensure that teams are well-equipped to identify, understand, and mitigate cloud security risks and align with established security standards and frameworks.


We'd love to hear from you if you have...

  • AWS Expertise & Cloud Security Experience: Proven experience in implementing and managing robust security controls across AWS environments, with a strong understanding of cloud-native security best practices. Familiarity with other major cloud platforms such as GCP and Azure is highly desirable. Experience working with web-based Git repositories (e.g., GitHub, GitLab) and cloud services such as AWS Lambda, API Gateway, and other serverless architectures to ensure secure configurations and operations. Strong understanding of cloud security frameworks, such as AWS Well-Architected Framework and CIS Benchmarks.
  • Networking Skills: Solid experience with cloud networking concepts and services, including configuring and securing Virtual Private Clouds (VPCs), Subnets, Security Groups, and Network ACLs. Expertise in implementing and managing Content Delivery Networks (CDNs), Web Application Firewalls (WAF), and DDoS protection. Ability to design and enforce security policies that align with best practices for cloud networking and ensure secure application delivery.
  • Infrastructure & Compliance as Code: Comprehensive knowledge of Infrastructure as Code (IaC) practices, including the use of tools like Terraform or AWS CloudFormation to automate the provisioning and management of cloud resources. Strong understanding of Policy as Code frameworks such as OPA or AWS config to enforce security policies and compliance requirements automatically across the infrastructure. Experience in driving Cloud Security maturity in fast-paced, agile environments, and advocating for security automation and DevSecOps practices to streamline security governance.
  • An Engineering Mindset: Troubleshooting and problem-solving skills to quickly identify security issues and gaps within automated processes. The ability to implement effective solutions that enhance the overall security posture is essential. You should possess an analytical approach to continuously evaluate and refine automation workflows, security controls, and cloud security policies, identifying areas for improvement and optimizing the security infrastructure.


More information:

Enjoy fantastic perks like private healthcare & dental insurance, a generous work from abroad policy, 2-for-1 share purchase plans, extra festive time off, and excellent family-friendly benefits.

We prioritise career growth with clear career paths, transparent pay bands, personal learning budgets, and regular learning days. Jump on board and supercharge your career from day one!

Our values represent the things that matter most to us and what we live and breathe everyday, in everything we do:

  • Think Big- We're building the future of rail
  • Own It- We focus on every customer, partner and journey
  • Travel Together- We're one team
  • Do Good- We make a positive impact


We know that having a diverse team makes us better and helps us succeed. And we mean all forms of diversity - gender, ethnicity, sexuality, disability, nationality and diversity of thought. That's why we're committed to creating inclusive places to work, where everyone belongs and differences are valued and celebrated.

Interested in finding out more about what it's like to work at Trainline? Why not check us out on LinkedIn, Instagram and Glassdoor!#J-18808-Ljbffr

Related Jobs

View all jobs

Senior Cloud Security Engineer

Senior Cloud Security Engineer

Senior Cloud Security Engineer

Senior Cloud Security Engineer FullTime London

IT Infrastructure Senior Cloud Engineer

Senior Security Engineer

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Portfolio Projects That Get You Hired for Cyber Security Jobs (With Real GitHub Examples)

With rising cyber threats and increasingly sophisticated attacks, cyber security has become a critical priority for organisations worldwide. From penetration testers (pentesters) and SOC analysts to cloud security engineers and threat intelligence specialists, the demand for skilled cyber security professionals continues to surge. But how do you stand out in a growing field? Alongside your CV, an impressive cyber security portfolio can be the distinguishing factor that convinces employers you’re the right fit. In this comprehensive guide, you’ll discover: Why a cyber security portfolio is essential for job seekers in this domain. How to align portfolio projects with different cyber security career paths. Real GitHub examples that demonstrate best practices in security-focused projects. Actionable project ideas you can start today, from penetration testing labs to blue-team detection pipelines. Best practices for organising your repos and presenting your work so hiring managers can instantly see your impact. When you’re ready to pursue your next opportunity, remember to upload your CV on CyberSecurityJobs.tech. Our specialised platform connects talented security professionals with employers who need your expertise—exactly what your portfolio will showcase.

Cyber Security Job Interview Warm‑Up: 30 Real Coding & System‑Design Questions

The need for skilled cyber security professionals has never been greater. As organisations rapidly digitise their operations and store increasing amounts of sensitive data online, cyber threats loom large—ranging from sophisticated ransomware attacks to insider threats and state‑sponsored espionage. Against this backdrop, cyber security jobs remain some of the most in‑demand and mission‑critical roles on the market. If you’re preparing for a cyber security interview, expect to be tested on a broad spectrum of topics—from secure coding and incident response to network security architecture and compliance standards. In many cases, companies also include problem‑solving exercises and system design scenarios to gauge how well you can apply theoretical knowledge to real‑world threats. To help you ace these assessments, we’ve compiled 30 real coding & system‑design questions you might encounter. Each reflects a key area of cyber security—whether it’s encryption and key management, threat modelling, or designing a zero‑trust network. Along the way, we’ll offer insights and best practices so you can stand out from the crowd. If you’re on the lookout for exciting cyber security roles in the UK, head to www.cybersecurityjobs.tech. There, you’ll discover a range of positions—covering everything from penetration testing and threat intelligence to compliance management and security operations. Let’s dive into the essentials of interview readiness.

Negotiating Your Cybersecurity Job Offer: Equity, Bonuses & Perks Explained

How to Secure Compensation That Reflects Your Value in the UK’s High-Stakes Cybersecurity Sector Introduction As cyber threats grow more sophisticated and frequent, cybersecurity professionals have never been more in demand. From thwarting ransomware attacks to architecting secure cloud infrastructures, mid‑senior cybersecurity experts play a critical role in safeguarding a company’s data and reputation. Thanks to this growing reliance on cybersecurity, employers in the UK are going above and beyond simple salary offers to attract the top echelon of talent. Although base salary remains a key component of any job offer, the broader package—encompassing equity, bonuses, and perks—can often surpass what you’d gain from a small bump in monthly pay. For cybersecurity specialists working in areas such as threat intelligence, incident response, penetration testing, or compliance, the complexity and risk mitigation you bring to the table is massive. Knowing how to negotiate the entire package ensures you are duly rewarded for keeping an organisation’s data, assets, and operations safe. In this guide, we’ll delve into every aspect of negotiating a cybersecurity job offer. Whether you’re pivoting to a mid‑senior role or cementing your expertise at an established security consultancy, understanding the full range of compensation elements will help you secure an offer that acknowledges the criticality of what you do. Let’s explore equity options, performance bonuses, and the perks that matter most, so you can come out of your next job negotiation confident that you’re getting more than just a salary.