Status: Open for Applications

Location: London

Salary: £48,500 – £54,500 per annum
Hours: 37.5 hours per week
Job Type: Full-Time, Permanent

Purpose of the Role

As Cyber Security Engineer you will design, implement, test and maintain Cloudsman’s cyber security systems across our development pipelines, hosted client environments, backup infrastructure, and internal systems. You will build and operate our application security tooling, a Jenkins-based CI/CD security platform, a Dependency-Track instance for software composition analysis, and a SonarQube platform for static code analysis, alongside a Wazuh SIEM, examine systems for threats, develop and document security test plans, and lead the response to security breaches.

Key Responsibilities

• Design, implement, test and maintain cyber security systems and tooling across Cloudsman’s web development, application development, email, backup, and hosting environments.
• Examine IT systems for potential threats to their security and integrity, and draw up response plans for situations where security is compromised.
• Design, deploy and administer a Jenkins-based CI/CD security platform, integrating automated security testing into build pipelines so that tests run on each commit and builds fail against defined compliance thresholds.
• Build and maintain a SonarQube platform to perform static application security testing (SAST) and code analysis, defining quality gates that govern release.
• Build and maintain a Dependency-Track platform to provide continuous software composition analysis (SCA) and software bill of materials (SBOM) visibility across development projects.
• Build and operate a Wazuh SIEM platform to collect and correlate logs across hosting, backup and development environments, investigate security incidents, analyse evidence, and produce findings for management and clients.
• Deploy osquery across endpoints and servers to provide host-level visibility, feeding telemetry into the SIEM for detection and threat hunting.
• Develop test plans for security systems, and undertake and document the testing of security systems for weaknesses and errors, identify the source of problems, and propose solutions.
• Develop quality standards, validation techniques, and secure configuration baselines for development, hosting, Microsoft 365 / Office 365 backup, data recovery, and CCTV systems.
• Identify, analyse and report on outstanding end-of-life, vulnerable, and high-risk components and code-analysis findings, and ensure remediation requests are tracked and resolved.
• Deal with and report on breaches in security, leading investigation, containment, and post-incident review.
• Make recommendations concerning software and system quality, and advise development and infrastructure teams on secure-by-design practices across the SDLC.

Who You Are

• Demonstrable experience designing, implementing, testing and maintaining cyber security systems.
• Hands-on experience building and operating CI/CD and application security tooling, ideally Jenkins, SonarQube, and Dependency-Track or equivalents.
• Experience building and operating a SIEM (e.g. Wazuh, Elastic) and endpoint visibility tooling such as osquery.
• Strong knowledge of security testing categories, SAST and SCA and integrating them into delivery pipelines.
• Ability to examine systems for threats, develop and document test plans, and root-cause security issues.
• Experience leading or supporting security incident and breach response, including evidence gathering and analysis.
• Understanding of threat frameworks (e.g. MITRE ATT&CK, Cyber Kill Chain) and how they inform detection and response.
• Knowledge of cloud security (IaaS, PaaS, SaaS), application security, and secure design of web and mobile applications.
• Working knowledge of Microsoft 365 / Office 365, cloud backup architectures, encryption, and identity and access management.
• Excellent problem-solving and communication skills, comfortable advising technical teams and clients.

Desirable

• Relevant certifications such as CEH (Certified Ethical Hacker) and ECSA (EC-Council Certified Security Analyst); others welcome (e.g. CISSP, CSSLP, OSCP, AWS/Azure security).
• Experience in a fast-moving, Agile, cloud-first environment.
• Familiarity with secure configuration of backup and CCTV/physical security platforms.

Scripting/automation skills (e.g. Python, Bash) for security tooling.