Security Engineer - FTC

Our team of hundreds of skilled experts keep Formula 1 moving. We’re on the lookout for a Security Engineer to work with us on a 12-month FTC! Reporting to the Cyber Security Manager, the main purpose of this role is to support the development and management of security technologies across F1’s growing technology landscape.

Main Duties & Responsibilities:

• Assess and maintain high standards of security maturity across Formula 1’s cloud infrastructure
• Focus on new and existing infrastructure, managing technical vulnerabilities, support continued system maintenance, and minimise technical debt
• Ensure visibility and reporting of Cloud infrastructure against Formula 1’s compliance and security standards (such as ISO 27001 and CIS)
• Main duties to be carried out include, but not limited to:
• Vulnerability Management and reporting across Formula 1’s cloud environment(s), including:
• Development of requirements, design, and implementation of cloud security tools (E.g. compliance and host security)
• A key focus on threat detection and risks across cloud environments
• Identification, remediation, and reporting of security vulnerabilities
• Reporting on compliance to F1’s security standards
• Support in the delivery and management of security design and architecture reviews
• Working closely with Infrastructure teams on security design and control strategies to reduce risks
• The definition and operation of secure development / operations (DevOps) practices, inc. code scanning, Kubernetes, container security.
• System and device hardening policies and reporting
• Technology focused threat assessments to identify threats/risks
• Documentation of security requirements, patterns, and processes
• Liaising closely with Formula 1’s cyber security, infrastructure, and digital teams on new and existing initiatives.

About You:

• Extensive hands-on experience with AWS cloud infrastructure – inc. AWS Security Services (CloudTrail, Guard Duty, WAF, IAM, Security Hub etc.)
• Knowledge of CI/CD including DevSecOps patterns and principles
• Infrastructure as code experience utilising Terraform
• Knowledge of container technologies
• Extensive experience with AWS Security Services & Governance and Information Security Best Practices
• Experience with other enterprise cloud platforms e.g. Azure
• Kubernetes experience
• Identity & Access Management deployment and administration (e.g. Okta, Entra ID)
• Web application security technologies – WAF, Bot Protection, DDOS Protection, etc.
• Adaptable, passionate and a team-player

Division: