Senior Security Engineer - Cloud Infrastructure

Ebury helps ambitious businesses unlock global growth, and we take the same approach with our people. We encourage innovation and movement, collaboration and problem-solving, and foster an environment where everyone can feel they belong, are valued, supported and empowered to succeed.

If you’re a collaborator who wants to help transform how businesses operate globally, get in touch - we’d love to discuss how Ebury can accelerate your career so you can shape the future.

Senior Security Engineer - Cloud Infrastructure

Hybrid (4 days in office) in London

Ebury is investing significantly in its cloud infrastructure security capabilities to ensure the trust and safety of our global financial services. As a Senior Security Engineer specialising in Cloud Infrastructure, you will own and evolve the security posture of our cloud environments across AWS and GCP, with a focus on network security, perimeter defence, and attack surface management.

This hands-on role requires deep expertise in cloud-native security controls, network architecture, and defensive security operations. You will design, implement, and maintain security infrastructure that proactively detects and mitigates threats before they impact our business. You will work closely with platform, infrastructure, and security operations teams, embedding security best practices into our cloud foundations.

Key Responsibilities

• Own cloud security posture and attack surface management: Maintain comprehensive visibility and control across AWS and GCP environments. Implement cloud-native security monitoring, detection, and alerting to proactively identify and mitigate threats before they impact customers or the business. Define and enforce security baselines using policy-as-code.

• Design and maintain web application firewall infrastructure: Own WAF configurations across AWS and GCP, developing and tuning detection rules aligned with application threat models and emerging attack patterns. Establish operational processes for rule lifecycle management and incident response integration, collaborating with application teams to implement protections without impacting availability.

• Architect network segmentation and isolation: Design and implement network security strategies ensuring proper separation between development, staging, and production environments. Define consistent patterns across multi-cloud infrastructure, applying zero-trust principles to workload communication and documenting reference architectures for engineering teams.

• Deliver modern secure remote access: Architect and implement a scalable remote access solution to meet current network security and environment isolation requirements. Design identity-aware access controls for infrastructure and cloud resources, ensuring solutions satisfy compliance and audit requirements for regulated financial services.

• Drive security automation and DevSecOps adoption: Implement Infrastructure as Code for security controls using Terraform and cloud-native tools. Build automated compliance checking, policy enforcement pipelines, and security tooling that improves detection and response capabilities across infrastructure deployments.

• Improve team capabilities and cross-functional collaboration: Partner with platform and infrastructure teams to embed security into cloud foundations. Provide technical guidance on network and cloud security best practices, contribute to incident response, and actively share security learnings to elevate engineering capabilities.

About you:

• You understand cloud infrastructure security end-to-end, applying frameworks (CIS Benchmarks, NIST CSF, ISO 27001) within a regulated context.

• You think holistically about defence-in-depth, from network perimeter to workload protection.

• You effectively engage with platform, infrastructure, and engineering teams, clearly explaining the 'why' and impact of security controls.

• You advocate for security-as-code and automation, reducing manual processes and improving consistency.

• You promote a collaborative culture, share knowledge openly, and optimise your contributions for predictable delivery

Experience and Qualifications

Required

• 5+ years in security or infrastructure engineering with deep expertise in cloud security, ideally within FinTech, banking, or a similar regulated industry.

• Expert-level experience with AWS and/or GCP security services, including VPCs, security groups, IAM, and cloud-native security tools.

• Proven track record designing and implementing WAF solutions (AWS WAF, Cloud Armor, or similar) with custom detection rules.

• Strong experience designing network architectures with proper segmentation and isolation patterns.

• Extensive experience with Infrastructure as Code (Terraform preferred) and GitOps practices.

• Proficiency in scripting and automation (Python, Bash, or similar).

• Solid understanding of network security fundamentals: firewalls, routing, DNS, TLS, VPNs.

• Experience implementing or operating SIEM, logging, and security monitoring solutions

Desired

• Experience with zero-trust network architectures and identity-aware access solutions.

• Knowledge of container security and Kubernetes network policies.

• Experience with security orchestration and automated response (SOAR).

• Familiarity with compliance requirements for financial services (PSD2, GDPR, PCI-DSS).

• Relevant certifications (AWS/GCP Security Specialty, CCSP, or similar).

• Experience migrating from legacy VPN solutions to modern alternatives (e.g., ZTNA, SDP)

What We Offer:

• Opportunity to define cloud security architecture at a leading fintech.

• High-impact role with significant technical influence across the organisation.

• Investment in professional development and growth.

• Competitive base salary and discretionary performance bonus.

• Annual conference and training budget.

• Inclusive, collaborative culture with a diverse global team

Application Requirements:

• Authorisation to work in the UK.

• Clean background check and regulatory screening.

• Professional references available upon request

If this sounds like you, please apply below!

Feel free to connect with me on LinkedIn - Freddie Mugridge

#LI- FM2

#LI-HYBRID

About us

Ebury delivers sophisticated, integrated solutions — business accounts, hedging, and financing — on a single platform with a seamless workflow. Our success is built on a simple premise and singular purpose: To help businesses operate and scale globally.

Since its founding in 2009, Ebury has always been a fast-growing leader in fintech. Today, we bring together 1,800+ Eburians across nearly 70 cities and we’re always looking to add to our team.

At the heart of our offering is a proprietary platform, purpose-built to help businesses seamlessly streamline and manage global cash flow. We focus on continuous product evolution and innovation to build the infrastructure for borderless growth and help our clients scale at every stage.

The opportunities at Ebury are as diverse as our people, ranging from business development to engineering roles across our tech pillars.

We believe in inclusion. We stand against discrimination in all forms and are against the intolerance of differences that makes us a modern and successful organisation. At Ebury, you can be whoever you want to be and still feel a sense of belonging no matter your story.