Cloud Security Engineer - Reading

At Virgin Media, we believe that great employee experience leads to great customer experience. From our CEO to our field engineers, we are committed to growing a diverse and inclusive culture that empowers innovation, thus achieving our purpose of “Building connections that really matter” and our North Star “To become the most recommended brand by our people and customers”.

Operating in the public cloud has unlocked tremendous capabilities for innovation and agility for us. We are on the journey to have one of the most sophisticated multi cloud environments in Europe.

Our team is responsible for the security, reliability, observability, and operability of our platforms. We are fundamentally forward-thinking, enthusiastic problem solvers. People who thrive in our team are those who love a challenge, constantly evaluate and question. We are aiming for zero manual processes, strong software engineering proficiency, and zero touch security.

The role holder is a seasoned Cloud Security Engineer, who will focus on solving complex Security engineering challenges. Our DevSecOps team at Virgin Media is responsible for securing our cloud environments and protecting our customers, partners, employees, and intellectual property. As a Cloud Security Engineer in the team, the role holder will collaborate with other Security colleagues, Cloud and Engineering teams to improve visibility of cloud resources and secure configuration management of infrastructure. The role holder will build reliable tools to prevent, mitigate or automatically remediate misconfigurations and extend our operational excellence around secure cloud infrastructure.

Key Responsibilities 

• Work on the trifecta of visibility, compliance, and remediation for public cloud security. Provide security expertise for software projects and cloud service designs

• Perform hands-on threat modelling, risk assessment, and web service security validation

• Develop new tools, templates, and methods to help teams across Virgin Media scale securely. Partner with Engineering and Cloud teams to build a secure cloud native platform

• Provide security expertise for software projects and cloud service designs for a hybrid cloud model

• Explore different threat vectors for services across public clouds. Exercise your security research skills to drive novel security policies to detect complex misconfiguration scenarios using python, PowerShell, etc.

• Research and implement advanced layered public cloud security use cases e.g., IAM, analytics, true network exposure, etc.

• Implement test automation and metrics for measuring security efficacy.

• Implement auto remediation using serverless, PowerShell, etc.

• Act as a bridge between Cloud, Engineering DevSecOps, and product management

• Mentor, learn, and constantly hone your own technical skills and guide others to improve theirs.

Typical knowledge, experience, and skills

• Bachelor's degree or a minimum of 4 years of experience in cloud security, with demonstrated experience in GCP, AWS, Docker, and Kubernetes

• Proficient with Python, Java, Linux, Windows, Docker, and Kubernetes

• Excellent infrastructure security experience and passionate about tackling risks from misconfigurations

• Operations experience in running and maintaining software, operating a large cloud deployment, or creating and triaging alerts around the health and security of systems

• Working knowledge of public cloud security compliance standards e.g., CIS, NIST, PCI, SOC, etc.

• Proficient with Infrastructure-as-code (IaC) like Terraform, Cloud Formation, etc. 

• Good working knowledge of cloud based IAM, e.g., Azure AD, Okta, etc.

• Experience with delivering in an Agile manner, particularly Scrum

• Have Growth mindset, professional curiosity, and the ability to enable yourself in new technologies. Enthusiasm, resilience, and a positive attitude

• Excellent verbal and written communications skills. Work well with other people, see the value of a team, and partner effectively with all stakeholders. Thrive by identifying high leverage work and doing it without explicit direction.

Our DevSecOps philosophy mirrors that of The DevSecOps Manifesto.

Through Security as Code, we have and will learn that there is simply a better way for security practitioners, like us, to operate and contribute value with less friction. We know we must adapt our ways quickly and foster innovation to ensure data security and privacy issues are not left behind because we were too slow to change.

Leaning in over Always Saying “No”

Data & Security Science over Fear, Uncertainty, and Doubt

Open Contribution & Collaboration over Security-Only Requirements

Consumable Security Services with APIs over Mandated Security Controls & Paperwork

Business Driven Security Scores over Rubber Stamp Security

Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities

24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident

Shared Threat Intelligence over Keeping Info to Ourselves

Compliance Operations over Clipboards & Checklists

We believe that great employee experience leads to excellent customer experience.