Senior Cyber Security Engineer

We seek an experienced, technically strong, and highly hands-on Senior Cyber Security Engineer to secure our websites, digital assets, and cloud infrastructure, focusing on AWS security, web application security, and practical threat prevention.
This is not a policy or governance role: we're looking for someone who enjoys rolling up their sleeves, solving security issues directly, working alongside engineers and DevOps, and implementing robust protective measures to prevent real-world attacks.

Responsibilities

• Harden and maintain the security of our websites and web applications.
• Implement, monitor, and optimise WAFs (AWS WAF, Cloudflare) — focusing on real-world traffic filtering and rule fine-tuning.
• Perform regular application security scans, vulnerability assessments, and coordinate annual third-party penetration tests.
• Fix and patch vulnerabilities proactively in collaboration with developers.

AWS & Cloud Security
• Own the security of our AWS environments: IAM, networking, patch management, secure configurations, change control, and monitoring.
• Action recommendations from our security tools and track remediation.
• Enforce best practices for infrastructure as code, deployment pipelines, and container security.

Threat Detection & Incident Response
• Deploy and operate SIEM (Security Information and Event Management) tools to detect and respond to security threats in real-time.
• Develop and maintain runbooks for incident handling and forensic investigation.
• Perform root cause analysis of security incidents and implement preventive measures.

Risk & Assurance
• Produce regular security status reports and product risk assessments for General Managers and senior leadership.
• Stay ahead of emerging threats relevant to our industry (affiliate marketing and crypto) and adapt controls accordingly.

Collaboration & Knowledge Sharing
• Work closely with engineering and DevOps to embed security into the development lifecycle and deployments.
• Provide hands-on guidance and training to engineers on secure coding, secrets management, and AWS security.
• Foster a culture of practical security awareness across the company.

Requirements

• Minimum 5 years of practical cybersecurity experience in a hands-on technical role.
• Deep knowledge of AWS security, web architecture, and cloud-native security patterns.
• Proven experience deploying and tuning WAFs (AWS, Cloudflare) and handling real security incidents.
• Solid understanding of DevOps pipelines and how to secure CI/CD processes.
• Proficient with modern security tooling: SIEM, vulnerability management, endpoint security, firewalls, 2FA, email/web security.