Most of our Talent team are currently on leave for the holiday period, so your application is likely to be reviewed in January. Enjoy the break. We'll get back to you in the new year!
Introducing Security at Trainline
Join our dynamic team where we focus on designing, implementing and monitoring security controls to ensure a robust security posture in a fast-evolving environment. As part of our mission to continuously improve and mature Trainline's security capabilities, we work in close collaboration with cross-functional teams, including Cloud Engineering, SRE, Platform Engineering and more, to integrate the latest technologies and best practices into our security strategy.
You will play a critical role in safeguarding all digital channels that collectively generate billions of pounds in annual ticket sales, ensuring that our systems remain secure, resilient and innovative in the face of evolving threats.
As a Principal Cloud Security Engineer at Trainline you will be responsible for...
- Cloud Security Architecture & Design: Lead the design, implementation and maintenance of robust security frameworks and controls to protect cloud infrastructure across multicloud environments (AWS, GCP, Azure). Ensure that security is seamlessly integrated into every layer of the cloud architecture, from network configuration to identity management.
- Container & Orchestration Security: Architect and implement secure containerised environments using platforms like Docker and ECS. Focus on vulnerability mitigation, compliance automation and secure orchestration practices to ensure container workloads are resilient and meet organisational security requirements.
- Security Policy Development & Enforcement: Develop, document and enforce comprehensive cloud security policies, standards and procedures that govern cloud infrastructure, services and containerised workloads. Drive compliance initiatives for security frameworks such as CIS Benchmarks, NIST and SOC2, ensuring policies are consistently applied across the organization.
- Cloud Migration & Native Infrastructure Support: Provide expert guidance and hands-on support to teams migrating workloads and applications to cloud-native infrastructure, ensuring security considerations are fully addressed throughout the migration lifecycle. Assist in the adoption of best practices for securing cloud-native architectures (e.g. serverless, microservices and containerised environments).
- Security Integration into SDLC & CI/CD Pipelines: Collaborate with Development, DevOps and QA teams to integrate security best practices into the software development lifecycle (SDLC) and CI/CD pipelines. Ensure security is prioritised through automation tools, security testing and vulnerability scanning as part of the continuous delivery process.
- Cross-functional Collaboration on Container Security: Partner with Cloud Engineering, DevOps and Platform teams to enhance the security of container orchestration platforms (e.g. ECS) and containerised workloads. Proactively identify and mitigate risks related to container security, including configuration management, runtime protection and image scanning.
- Security Assessments & Incident Response: Conduct security assessments, vulnerability scans and risk analyses to identify and address potential security weaknesses within cloud environments. Support the security operations team in incident response efforts related to cloud security incidents, ensuring timely detection, containment and remediation.
- Staying Current on Threat Intelligence & Industry Trends: Continuously research and stay up to date on emerging threats, vulnerabilities and security trends within cloud infrastructure, container security and DevSecOps practices. Regularly evaluate new security tools, frameworks and technologies to enhance the organisation's cloud security posture.
- Security Training & Mentorship: Provide ongoing cloud security training, guidance and mentorship to engineering and DevOps teams, fostering a security-first culture within the organisation. Ensure that teams are well-equipped to identify, understand and mitigate cloud security risks and align with established security standards and frameworks.
Qualifications:
We'd love to hear from you if you have...
- AWS Expertise & Cloud Security Experience: Proven experience in implementing and managing robust security controls across AWS environments, with a strong understanding of cloud-native security best practices. Familiarity with other major cloud platforms such as GCP and Azure is highly desirable. Experience working with web-based Git repositories (e.g. GitHub, GitLab) and cloud services such as AWS Lambda, API Gateway and other serverless architectures to ensure secure configurations and operations. Strong understanding of cloud security frameworks such as AWS Well-Architected Framework and CIS Benchmarks.
- Cloud & Networking Skills: Solid experience with cloud networking concepts and services, including configuring and securing Virtual Private Clouds (VPCs), Subnets, Security Groups and Network ACLs. Expertise in implementing and managing Content Delivery Networks (CDNs), Web Application Firewalls (WAF) and DDoS protection. Ability to design and enforce security policies that align with best practices for cloud networking and ensure secure application delivery.
- Infrastructure & Compliance as Code: In-depth knowledge of Infrastructure as Code (IaC) practices, including the use of tools like Terraform and AWS CloudFormation to automate the provisioning and management of cloud resources. Strong understanding of Policy as Code frameworks such as OPA or AWS Config to enforce security policies and compliance requirements automatically across the infrastructure. Experience in driving Cloud Security maturity in fast-paced agile environments and advocating for security automation and DevSecOps practices to streamline security governance.
- Engineering Mindset: A strong engineering mindset with excellent troubleshooting and problem-solving skills to quickly identify security issues and gaps within automated processes. The ability to implement effective solutions that enhance the overall security posture is essential. Additionally, the candidate should possess an analytical approach to continuously evaluate and refine automation workflows, security controls and cloud security policies, identifying areas for improvement and optimizing the security infrastructure.
Certificates
Any of the following would be beneficial but are not essential. Experience and cultural fit are just as important.
- CCSP
- AWS Certified Security
- AWS Certified DevOps Engineer
- AWS Certified Solutions Architect
- CompTIA Cloud
Additional Information:
Enjoy fantastic perks like private healthcare & dental insurance, a generous work from abroad policy, 2-for-1 share purchase plans, extra festive time off and excellent family-friendly benefits.
We prioritise career growth with clear career paths, transparent pay bands, personal learning budgets and regular learning days. Jump on board and supercharge your career from day one!
Our values represent the things that matter most to us and what we live and breathe every day in everything we do:
- Think Big: We're building the future of rail
- Own It: We focus on every customer, partner and journey
- Travel Together: We're one team
- Do Good: We make a positive impact
Interested in finding out more about what it's like to work at Trainline? Why not check us out on LinkedIn, Instagram and Glassdoor.
Remote Work:
No
Employment Type:
Full-time