Principal Security Engineer - AWS Infrastructure Focus

Competitive salary + 20% Bonus + 30 days holiday, health & dental insurance, £2,000 learning budget, free gym membership, 6% pension contribution

Leeds

Hybrid working

Fruition IT are recruiting a Principal Security Engineer on behalf of a market leading 24x7 online based in Leeds.

Why apply?

An exciting opportunity has arisen for a Principal Security Engineer to join the Security Architecture team, with a specific focus on AWS infrastructure. This role is pivotal in supporting the company's strategic efforts to modernise applications and platform. Reporting to the Head of Secure Architecture, you will work closely with product teams, solution architects, and engineers to ensure platforms, integrations and AWS cloud infrastructure are secure by design and adhere to best practices.

What will I be doing?

• Collaborate with solution architects and engineers, offering expert security guidance to ensure platform components meet industry security standards.
• Act as the primary point of contact for security within a key division, ensuring comprehensive coverage of all security matters.
• Provide hands-on support to build security controls and contribute to secure configurations, such as cloud security policies and zero-trust mechanisms.
• Help teams identify and mitigate risks, ensuring a secure environment for end users.
• Work with the broader Security Engineering team to maintain a consistent approach to security across the organisation.
• Stay up to date with new technologies and remain committed to continuous learning in the field of information security.

What skills & experience do I need?

• Significant experience in information security, with a strong focus on AWS cloud security architecture.
• Expertise in conducting security assessments using threat modelling and security patterns to identify vulnerabilities and recommend mitigation strategies, especially in regulated environments.
• Proven ability to define security controls for multi-tenant platforms with various API-driven integrations and data services.
• Experience in applying cybersecurity principles to maintain confidentiality, integrity, and availability of systems, ensuring design weaknesses are avoided.
• Hands-on experience deploying security solutions and designing countermeasures to mitigate risks.
• Proficiency in modern authentication models, including zero-trust, token-based architectures, and verification mechanisms.
• Knowledge of OWASP Top 10 and CWE Top 25 vulnerabilities, and experience embedding security within the software development life cycle (SDLC).
• Familiarity with APIs, Kubernetes, Kafka, and AWS infrastructure, along with cyber security standards and frameworks.
• Strong expertise in network access controls, identity and access management, and zero-trust practices.
• Ability to work independently, balancing security risk with business objectives and delivery timelines.

Desirable Traits:

• Passionate about learning and exploring new technologies.
• Effective communicator with a collaborative spirit, able to work across diverse teams.

If you're passionate about security and excited to work in a dynamic environment, even if you don't meet every requirement, we encourage you to apply!

We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age.