Principal Cloud Security Engineer
Glasgow, United Kingdom
Full Time Senior-level / Expert Clearance required GBP 34K - 80K * est.
Scottish Government
The devolved government for Scotland has a range of responsibilities that include: the economy, education, health, justice, rural affairs, housing, environment, equal opportunities, consumer advocacy and advice, transport and taxation.
Are you ready to lead the way in securing cloud environments for a vital public service? We are looking for a highly skilled Principal Cloud Security Engineer to join the Digital Risk & Security branch of our Chief Digital Office. In this pivotal role, your expertise will be instrumental in protecting Social Security Scotland’s critical information systems, supporting our commitment to safeguarding public data and digital services.
As a key technical leader, you will drive the adoption and evolution of DevSecOps practices across a complex multi-cloud environment. Collaborating closely with cloud engineers, developers, and architects, you will lead the design and integration of security tooling into our cloud environments, ensuring security is embedded at every stage of our organisation. Your role will be pivotal in implementing secure-by-design cloud architectures, delivering scalable, automated solutions that align with industry best practices and support our wider digital transformation goals.
This is a highly technical role requiring a deep understanding of cloud infrastructure and advanced security expertise. You will play a critical part in articulating security postures, managing technical risks, and implementing controls to mitigate potential threats. While this role does not involve direct security operations or governance, your developer experience and stakeholder management skills will be vital. You will collaborate across teams, influence senior management, and drive forward innovative security solutions that balance security needs with operational agility.
A Principal Cloud Security Engineer designs, builds, manages and supports the security controls within our infrastructure services that underpin all internal user services and services to the public.
The Principal Cloud Security Engineer manages third party provision of cloud security services and the provision of expertise to develop secure architectural solutions for our cloud infrastructure services, throughout the service product life cycle.
At this role level, you will:
- Oversee programmes and projects.
- Work with technical architects and infrastructure engineers to translate the architectural designs into operations and support in operationalising the designs.
- Lead and direct cloud security engineering teams in building, managing, supporting and maintaining solutions according to departmental policy (if taking a managerial path).
If you are passionate about cloud security and eager to make a real difference in public services, we invite you to join our talented team and take the next step in your career.
Responsibilities
- Lead the design, implementation, and support of cloud infrastructure solutions with embedded security controls, utilising industry-standard frameworks like AWS Well-Architected or Azure Security Centre.
- Develop and enforce security controls within Infrastructure as Code (IaC) pipelines, integrating security testing (SAST, DAST, SCA) and automated compliance checks into CI/CD processes.
- Provide expert guidance on cloud security architecture, articulating security postures, and implementing mitigating controls to reduce risk.
- Lead cross-functional teams in applying modern development and security standards to support complex projects, ensuring security by design.
- Proactively identify vulnerabilities and potential issues in cloud environments, initiating preventative measures and continuous security improvements.
- Collaborate with Architects, Developers, and DevOps teams to embed security into the end-to-end development pipeline, promoting DevSecOps best practices.
- Establish and maintain security frameworks and procedures across the service life-cycle, ensuring compliance with standards such as ISO27001 and government policies.
- Diagnose and troubleshoot security and infrastructure issues across diverse systems, including compute, storage, networking, and software.
- Cultivate strong stakeholder relationships, serving as the primary point of contact for cyber security matters, and securing buy-in for security initiatives.
- Advise on emerging security threats and future technology trends, supporting strategic planning and security posture enhancement.
- Lead system and acceptance testing strategies, ensuring security controls are validated and operational risks are effectively managed.
- Lead the development of security awareness and training programmes to promote a strong security culture within technical teams.
Success Profiles
We use an assessment framework called ‘Success Profiles’ which lists the elements we test and provides detailed descriptions of each. Find out more about how we assess the Success Profile elements
Essential Experience
- Proven hands-on experience designing and implementing secure cloud infrastructure solutions, including native security services (IAM, WAFs, threat detection), with a strong focus on embedding security within CI/CD pipelines using tools like Terraform, AWS CloudFormation, SAST, DAST, and SCA.
- Demonstrable experience leading DevSecOps initiatives, integrating security controls seamlessly into development and operational workflows, and collaborating effectively with Developers, Architects, and DevOps teams to promote security by design.
- Extensive experience engaging with senior stakeholders to communicate technical security solutions, secure buy-in for security controls, and lead cross-team efforts to embed security best practices into enterprise cloud environments.
Behaviours
- Seeing the big picture (Level 4)
- Changing and improving (Level 4)
You can find out more about Success Profiles Behaviours here: Success Profiles - Civil Service Behaviours (publishing.service.gov.uk)
Technical/Professional Skills:
This role is aligned to Infrastructure engineer - Government Digital and Data Profession Capability Framework within the Digital, Data and Technology Profession.
These skills will be tested during the Technical Assessment if you are successful at sift stage. They will not be assessed at application stage. Please review the following to understand the skill expectations: Government Digital and Data Profession Capability Framework
How to Apply
Apply online. You must provide a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet the experience and behaviours listed in the Success Profiles above. Be sure to provide specific examples of work that you’ve done that showcase your relevant experience.
Should a large number of applications be received, an initial sift may be conducted using the CV and Supporting Statement based on the first Experience criteria.
Candidates who pass the initial sift will have their applications fully assessed.
Candidates who are successful at sift stage will be invited to attend an Interview and Technical Assessment. The interview will further assess the Experience and Behaviours listed in the job advert and the Technical Assessment will evaluate the Technical Skills relevant to the role.
Candidates who pass the sift and are invited to the Interview and Technical Assessment stage will receive a Technical Assessment Candidate Pack, which will outline the skills to be assessed and the assessment methods to be used.
Following the application sift, there may be a telephone interview as part of the assessment process before the main interview.
We aim to provide feedback on request. However, if we receive a large number of applications it may not be possible for us to provide specific feedback on your application. We will provide feedback on request to candidates who attend an interview/assessment.
Information Session
We are holding a candidate information session for this role on Thursday 10th July at 12:00pm - 1:00pm to provide you with information about the application and interview process as well as further information on the role and team.
We will be talking about:
- The Principal Cloud Security Engineer role and Cloud Security Engineering team
- About Social Security Scotland
- Our recruitment process
- Q&A with the hiring manager
This session is open to all internal and external candidates.
Please join us using the link below.
Expected Timeline (subject to change)
Sift – w/c 21st July 2025
Interview – w/c 6th August 2025
Location – In Person in either Dundee or Glasgow
Reserve List
In the event that there are more successful candidates than posts available, a reserve list will be kept for up to 12 months.
About us
Social Security Scotland is an Executive Agency of the Scottish Government. Our benefits help people from all walks of life in Scotland. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles. We are committed to recruiting a diverse workforce that is representative of the clients we serve. Find more about us here.
We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer.
As part of the UK Civil Service, we uphold the Civil Service Nationality Rules.
DDaT Pay Supplement
This post is part of the Scottish Government Digital, Data and Technology (DDAT) profession and as a member of the profession you will join the professional development system. This post currently attracts a £5,000 annual DDAT pay supplement, applicable after a 3-month competency qualifying period. The payment will be backdated to your start date in the role. Pay supplements are reviewed regularly and there is one currently underway. Changes will be communicated when the review is concluded.
Working pattern
Our standard hours are 35 hours per week and we offer a range of flexible working options, depending on the needs of the role. We embrace a hybrid working style where all colleagues will spend time in either our Glasgow or Dundee offices. There is an expectation of a minimum 2 days per week in your assigned location, which will be either Glasgow or Dundee. If you have specific questions about the role you are applying for, please contact us.
Equality Statement
Social Security Scotland are committed to equality and inclusion, and we aim to recruit a diverse workforce that reflects the population of our nation.
Social Security Scotland are a Disability Confident Employer. We will consider and implement any reasonable adjustments you may require throughout the recruitment process and during the course of your employment, should you be successful in securing a post. If you feel you may require assistance with any part of our recruitment process, please contact us at Recruitment@socialsecurity.gov.scot.
Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them.
Further Information
This post requires the successful candidate to clear additional National Security Vetting clearance before a start date can be offered. Further information regarding National Security Vetting clearance can be found here - United Kingdom Security Vetting: Applicant - GOV.UK (www.gov.uk)
Find out more about our organisation, what we offer staff members and how to apply on our Careers Website.
Read our Candidate Guide for further information on our recruitment and application processes.
The successful candidate will be expected to remain in post for a minimum of 3 years unless successful in gaining promotion to a higher Band or Grade.
Social Security Scotland’s recruitment processes are underpinned by the recruitment principles of the Civil Service Commissioner, which outline that selection for appointment be made on merit on the basis of fair and open competition - Recruitment - Civil Service Commission (independent.gov.uk)
If you feel at any time your application has not been treated in accordance with the values in the Civil Service Code and/or if you feel the recruitment has been conducted in such a way that conflicts with the Civil Service Commissioner’s Recruitment Principles, you can make a complaint, by contacting Social Security Scotland at recruitment@socialsecurity.gov.scot in the first instance. If you are not satisfied with the response you receive you can contact the Civil Service Commissioner.
If you experience any difficulties accessing our website or completing the online application form, please contact the Resourcing Team via recruitment@socialsecurity.gov.scot
Apply before 16th July 2025 at 11:55pm
Contact Name - Resourcing Team
Contact Email - Recruitment@socialsecurity.gov.scot
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS Azure C CI/CD Clearance Cloud Compliance DAST DevOps DevSecOps Governance IAM ISO 27001 SAST Terraform Threat detection Vulnerabilities
Perks/benefits: Career development Flex hours Startup environment