Development, Security, and Operations Engineer
We're seeking a hands-on Security Engineer to build scalable controls through code and automation. We treat security as an engineering challenge–focusing on IaC, reliable guardrails, and making “secure by default” easy for our teams.
We aren't looking for a “checkbox” security professional or someone who just quotes NIST frameworks. We need a builder. This role is for a technical engineer who views security as an engineering problem to be solved with code, not a set of documents to be filed. Whether you’re a DevOps specialist with a “hacker” mindset or a Developer who’s tired of building features and wants to start securing them, we want your technical foundation.
Responsibilities
* Instead of manually reviewing logs, you’ll be writing the scripts that automate threat detection.
* Working within AWS and GCP to ensure our infrastructure is secure by design using Pulumi, CDK, or Terraform
* Building and maintaining the CI/CD security gates that allow our dev teams to move fast without breaking things.
* Getting hands‑on with vulnerability scanning, occasional internal “red‑teaming,” and incident response when things get interesting.
What we’re looking for in you
* A solid background in Computer Science. You understand how systems talk to each other, how memory works, and why the “cloud” is just someone else’s computer.
* Automation First – you are proficient in at least one scripting language (Python, Go, JavaScript) and hate doing the same task manually twice.
* You’ve spent significant time in AWS or GCP. You know your way around IAM, VPCs, and serverless environments.
* You understand CI/CD using GitHub Actions and how to bake security into the deployment process.
* You’ve configured and managed Cloudflare, CloudFront and AWS WAF and know how to defend against common web threats at the perimeter.
The ‘nice to haves’
* We don’t necessarily expect you to arrive with a CISSP or a deep love for ISO. If you bring the engineering muscle, we will train you on Governance, Risk and Compliance.
* Previous experience in Penetration Testing or CTF competitions.
* Exposure to Incident Response (knowing what to do when the alarm goes off).
* Experience securing event‑driven serverless workloads.
Our Promise:
Shieldpay is an equal opportunities employer. For Shieldpay building a fair and transparent workforce begins with the recruitment process that does not discriminate on the grounds of gender, sexual orientation, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age. We offer flexible working options, such as flexible hours and hybrid work, to support our employees’ work‑life balance.
Team Technology: Locations London – Remote status Hybrid. Employment type Full‑time.
#J-18808-Ljbffr