Senior Cloud Security Application Engineer

Ocado Group is an equal opportunities employer and as such makes every effort to ensure that all potential employees are treated fairly and equally, regardless of their sex, sexual orientation, marital status, race, colour, nationality, ethnic or national origin, religion or belief, age, or disability or union membership status.

About Us

Our teams are putting the world’s retailers online using the cloud, robotics, AI, and IoT. We provide services to partner clients globally via our innovative advanced robotics technology, known as the Ocado Smart Platform ("OSP"), this drives our highly automated, multi-million pound Customer Fulfilment Centres (CFCs). In our CFCs - together with the proprietary software applications - we operate a world-class online grocery business that automates the single pick of products, ready for your online delivery.

About the Role

We enable Ocado to operate on a global scale by providing a reliable, secure & well supported managed Cloud platform. We leverage the power of AWS and automate as much as possible.

The vision for the Cloud Security team is to design, implement and manage the security posture of cloud computing environments within Ocado. The team is responsible for the provisioning, configuration, maintenance & support of all the security tools currently in use to secure the AWS platform.

This function collaborates closely with other infrastructure teams in Cloud Services (i.e. Alto, Cumulus and Stratus), as well as Tuskens, Banthas and Infosec team, and while it goes without saying that it is the primary responsibility of those teams to secure their own products and services, it is becoming increasingly clear that there are overarching security challenges that are common across multiple teams and organisations and such challenges must be addressed centrally. Such security solutions would be then owned by the Cloud Security function.

What you will be doing 

• Be the driving force to “Automate Everything”, document what done and produce an easy to follow audit trail
• Write, test & deploy software to facilitate the automation of our products and services
• Analyse the state of our AWS-hosted resources across a portfolio of +150 accounts
• Develop automated tests strategies for existing processes & applications
• Research & evaluate new security related AWS Services as they are released
• Stay current with security related Cloud Technologies, including emerging trends, best practices, commonly adopted security strategies, and popular security related third-party solutions.
• Investigate & troubleshoot issues working alongside and on behalf of a wide range of engineering teams 
• Support production systems outside of standard working hours and participating in 24x7 on-call rota.

Over time. you will also:

• Own, maintain and operate a portfolio of Security related products deployed on hundreds of production environments
• Eg AWS WAF, AWS Guard Duty, AWS Inspector, AWS Shield, AWS IAM, AWS Firewall Manager, AWS CloudTrail, Security Lake, Security Hub, AWS Athena, etc
• Identify gaps in our security posture and capture them in well described RFCs - where applicable to develop products meeting requirement in the RFC
• Identify and adopt best-in-class IDS/IPS system at the Internet edge of our environments
• Identify and adopt best-in-class Security information and event management (SIEM) systems to analyse logs for suspicious activity and creates alerts
• Stay current with security related Cloud Technologies, including emerging trends, best practices, commonly adopted security strategies, and popular security related third-party solutions.

About you

• Demonstrable experience of working on AWS
• Understanding of Web Application architectures.
• Web Application development (in Python)
• Experience with a Python framework
• Appreciation of security, reliability, scalability and availability requirements.
• Demonstrable experience with DevOps (communication, collaboration, integration &
• automation).
• Experience & knowledge of common build tools, repositories and CD/CI tooling.
• The ability to work with data in Google BigQuery and visualise data using DataStudio
• Experience using relational databases and writing SQL queries

What we offer you

Our employee benefits are designed for you, we care about people and we’ve ensured we have a wealth of benefits that focus on your well-being. We regularly review our benefits to ensure we are supporting our employees appropriately. Currently, we offer technically stretching work, a competitive salary and;

• Remote work
• Multi-Sport Card
• Medical Insurance
• Life assurance
• Lunch Vouchers
• 30 days “Work for anywhere in the world” policy 
• Training and Development opportunities

If you think you have what it takes to make a difference, please submit your application below.

#LI-REMOTE #LI-OT #LI-KP1