Jobs

Senior Cloud Security Engineer


Job details
  • DrDoctor
  • London
  • 1 week ago

DrDoctor does not discriminate on the basis of race, sex, colour, religion, age, national origin, marital status, disability, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.

Overview 

Initially formed as a Cloud Infrastructure team, we are now evolving into a Platform Engineering team to better support our growing business. Our mission is to empower Product teams to deliver value quickly, reliably, and securely. 

We focus on 4 key areas: Cloud Infrastructure, Networking & Security, Engineering Productivity, and Resilience & Reliability.

Who Are You?

As a Cloud Security Engineer at DrDoctor, you will play a critical role in safeguarding our digital assets, with a primary focus on Application and Platform security. You'll collaborate closely with our Engineering teams to improve security knowledge and awareness across the business, advocating for best practices and always leading by example. 

In this role, you'll work with technologies such as Azure App Services and Container Apps, guiding teams in adopting secure practices and ensuring effective solutions are implemented in the right way. 

Your responsibilities will include designing and implementing security measures, providing technical expertise, and upskilling other Engineers whilst applying Agile principles to continuously improve and adapt in order to meet the needs of our growing teams.

OK, that’s me, but who are DrDoctor?

Take a look at our careers page (https://drdoctor.teamtailor.com/) to find out a bit more about our mission, vision, and impact!

But ultimately, we the NHS and want to help it work better. We radically transform the delivery of health services to make healthcare work for everyone – for patients, doctors, administrative teams and taxpayers.  

What would I be doing day to day?

One of the great things about a scale-up is that every day is different and there is always an opportunity to get involved in something outside of your ‘BAU’!

However, your key focus areas will be:

Application Security

  • Owning vulnerability and threat management, actively addressing identified issues and working closely with Developers to implement remediation, continuously enhance code security, and maintain compliance with security policies.
  • Supporting penetration testing efforts and implementing internal audits and automated scans (SCA, SAST, DAST).
  • Collaborating across all DevSecOps domains to enhance automation, observability, and resilience, with a focus on security of the SDLC.

Platform Security

  • Regularly assessing and enhancing the security posture across network, system, and cloud environments by identifying risks and threats and providing mitigation strategies.
  • Monitoring and maintaining security services, systems, and infrastructure. Building dashboards, alerts, and notifications for proactive monitoring and action.
  • Monitoring and supporting a wide range of services running within the cloud-native infrastructure, proactively identifying and resolving any security issues or concerns that might arise.
  • Ensure ongoing compliance with standards like CE+, DSPT toolkit, ISO27001, and others relevant to the organisation, engaging with stakeholders to maintain and improve adherence.
  • Upholding DrDoctor’s Cloud Security Posture to the highest standard through continuous iterative improvement of infrastructure, processes, products and policies.

Champion Security

  • Promoting a strong security culture by defining best practices for secure infrastructure and secure coding practices.
  • Raising awareness and sharing knowledge through guilds, training, lunch and learn sessions, and company wide presentations.
  • Assessing and optimising operational processes and ways of working by staying up to date with changes in the industry and adapting best practices to fit our setup and needs.
  • Leading security assessments, supporting the development of policies and procedures, and overseeing the implementation of security controls to ensure the protection of critical assets.

I’m interested. What experience do I need to have?

Must Haves:

  • You must be a hands on Engineer, who can work with cross-functional teams to integrate security early in the SDLC by adopting a shift-left approach.
  • Extensive experience in application and cloud security and a strong understanding of cyber security principles and technologies to identify and remediate vulnerabilities in web applications and cloud platforms, especially in Azure.
  • Experience implementing effective secure coding practices and security guardrails for a secure software development lifecycle: OWASP Top 10, SCA, SAST, DAST such as Snyk, Mend, OWASP Dependency-Track and Dependency-Check, SonarCloud, etc.
  • Strong understanding of cloud networking infrastructure and architecture: Application Gateways, ExpressRoute, VNets and Firewalls, Private and Service Endpoints, etc.
  • Experience in designing, implementing and troubleshooting secure cloud infrastructure solutions, including PaaS and IaaS.
  • Hands-on experience with cloud security tools and controls such as Qualys, Sentinel, Defender, Orca, Wiz, etc.
  • Familiarity with security standards and frameworks like ISO 27001, Cyber Essentials, NIST, and CIS, and experience ensuring compliance with these standards.
  • Experience working with investigation tools, techniques and solutions, including threat modelling, SIEM and SOAR.
  • Strong communication skills, with the ability to effectively collaborate across functions and explain complex security concepts to both technical and non-technical stakeholders.
  • Innovative mindset, able to challenge the status quo to ensure our solutions are the best they can be.

 Bonus Points for:

  • Experience designing, building, and maintaining secure cloud infrastructure using Infrastructure as Code (IaC), with tools like Bicep and Terraform, aligned with the Azure Well-Architected Framework
  • Contributing to security awareness training programs for developers
  • Working in an Agile environment, understanding Scrum and Kanban artefacts and events
  • Experience in a small but growing start-up environment

I can’t wait to get started, what are the perks?

We keep all of our Perks and Benefits updated on our careers pagehttps://drdoctor.teamtailor.com/ – we like to think there is something for everyone! Let us know if you have any questions regarding them.

As DrDoctor has grown, we are seeing more of our people wanting to socialise in different ways.

Whilst we know that some of us love to go to the pub, we want to make sure we are including a wide variety of activities and events for our teams to enjoy each other's company, we aim to continue creating an open space for anyone and everyone to suggest how they’d like to spend time with their teams.

Salary banding for this role is: £65,000 - £75,000. We can't wait to meet you!

Sign up for our newsletter

The latest news, articles, and resources, sent to your inbox weekly.

Similar Jobs

Senior Cloud Security Engineer Contract Dublin 6-18 Months

Senior Cloud Security Engineer Contract Dublin 6-18 Months. My client a leading global name is urgent need of a talented and experienced Senior Cloud Security Engineer to join their group on a rolling contract.As a Cloud Security Engineer, you will be responsible for designing, implementing, and maintaining security measures within...

Dublin

Senior Cloud Security Engineer

DrDoctor does not discriminate on the basis of race, sex, colour, religion, age, national origin, marital status, disability, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.Overview Initially formed as a Cloud Infrastructure team, we are now evolving into a Platform...

DrDoctor London

Principal / Senior Cloud Security Engineer

Multiple Cloud Security Engineer positions at Senior to Principal level at one of the UKs fastest growing cloud consultancies!These are fully remote opportunities, paying from £75,000 - £115,000 base salary with a bonus up to 20%, with some of the best training & development on the market, including a total...

Stott and May Glasgow

Principal / Senior Cloud Security Engineer

Multiple Cloud Security Engineer positions at Senior to Principal level at one of the UKs fastest growing cloud consultancies!These are fully remote opportunities, paying from £75,000 - £115,000 base salary with a bonus up to 20%, with some of the best training & development on the market, including a total...

Stott and May Sheffield

Principal / Senior Cloud Security Engineer

Multiple Cloud Security Engineer positions at Senior to Principal level at one of the UKs fastest growing cloud consultancies!These are fully remote opportunities, paying from £75,000 - £115,000 base salary with a bonus up to 20%, with some of the best training & development on the market, including a total...

Stott and May

Principal / Senior Cloud Security Engineer

Multiple Cloud Security Engineer positions at Senior to Principal level at one of the UKs fastest growing cloud consultancies!These are fully remote opportunities, paying from £75,000 - £115,000 base salary with a bonus up to 20%, with some of the best training & development on the market, including a total...

Stott and May Nottingham