Kubernetes & Cloud Security Engineer
Job Description
[Up to c. £225k Comp Package | On-Site Working]
Role Overview
We’re representing a leading investment management firm seeking a Kubernetes & Cloud Security Engineer to embed security directly into its platform engineering and software delivery environment. This role is focused on making secure engineering the default - building practical guardrails into cloud, container, pipeline and infrastructure workflows without slowing delivery. The position will take ownership across Kubernetes security, Azure security, CI/CD hardening, Infrastructure-as-Code controls and container supply chain protection. It is a hands-on engineering role suited to someone who can work closely with DevOps, platform and security operations teams to design patterns, implement controls, automate validation and improve security across modern cloud-native systems...
Key Responsibilities
- Define and implement Kubernetes security standards across managed and downstream clusters, covering pod security, RBAC, network segmentation, admission control and secrets handling
- Harden deployment pipelines by improving credential scoping, artefact integrity, review controls, signing, provenance and build security
- Act as the security engineering partner for platform and DevOps teams, reviewing architecture decisions and documenting secure design patterns
- Improve Azure security posture across subscriptions, identity integrations, workload access, private networking, policy enforcement and key management
- Build and maintain reusable Terraform or Bicep modules that include secure defaults for logging, encryption, access control and network design
- Own security controls around package repositories, container images, third-party dependencies and base image standards
- Run threat modelling for new platform services, Kubernetes components and pipeline changes, converting findings into practical remediation work
- Partner with Security Operations to build detections for cloud-native attack paths such as token misuse, OIDC abuse, container escape and suspicious cluster behaviour
- Develop lightweight tooling or validation scripts where existing products do not solve the problem cleanly
- Continuously improve secure-by-default patterns across the platform so teams encounter guardrails early in the development lifecycle
What You’ll Bring…
- 5-10 years’ experience in security engineering, with strong exposure to cloud-native, Kubernetes or platform security environments
- Hands-on Kubernetes security experience, including pod security controls, RBAC, admission policies, network policies and cluster assessment tooling
- Experience with policy and control frameworks such as OPA/Gatekeeper, Kyverno or equivalent Kubernetes-native tooling
- Strong Infrastructure-as-Code experience using Terraform or Bicep in production environments
- Strong understanding of CI/CD security across platforms such as Bitbucket, TeamCity, Octopus, GitLab or GitHub Actions
- Practical knowledge of software supply chain security, including signed artefacts, provenance, dependency controls and image scanning
- Production experience securing Microsoft Azure environments, including Entra ID integration, Azure Policy, Defender for Cloud and private networking
- Ability to write tooling or automation in Python, Go or similar languages
- Good understanding of cloud-native attack techniques and how to detect, prevent or contain them
- Strong academic background, ideally from a Russell Group university or international equivalent
- (Preferred) Experience within financial services, trading, investment management or another highly regulated technical environment
- (Preferred) Exposure to SLSA-aligned supply chain programmes or mature software provenance controls
- (Preferred) Certifications such as CKS, AZ-500, OSCP or equivalent practical credentials
...