Roles
tombola
Cloud Security Engineer - Sunderland (Hybrid)
Explore roles
Description
Hybrid requirements: This role has flexible working patterns.
Ready to be our next Cloud Security Engineer? We’re on the lookout for a tech whiz to join our brilliant team in Sunderland and help us keep things super secure for our players and our business. If you’re passionate about cloud security and love a challenge, you’re in the right place!
At tombola, we take security seriously – but we also like to have a bit of fun while we’re at it! As our Cloud Security Engineer, you’ll be building on our existing operational security, with a special focus on protecting our cloud infrastructure. You’ll be hands-on, designing, implementing, and managing top-notch security solutions across all our cloud environments.
You’ll also play a key part in developing our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you’ll be right in the thick of security event monitoring, threat intelligence, and incident management – keeping us one step ahead!
What you’ll be doing:
Delivering SOC Capabilities: You’ll be a key team member in delivering ongoing Security Operations Centre (SOC) capabilities for the business.
Driving Automation: You’ll push for security automation wherever possible and play a big part in evolving our security tooling and services.
Policy & Standards: You’ll champion the adoption and adherence to our InfoSec policy, standards, and guidelines.
Threat Intelligence: You’ll monitor and apply current and emerging threat intelligence, using tools like Google Threat Intelligence to proactively spot and tackle digital threats.
Incident Response: You’ll actively monitor for security incidents and jump into action with our incident response teams to contain, investigate, and prevent future security hiccups.
Defining Controls: You’ll help define our operational security requirements and put the right controls in place to keep security risks at bay, all while sticking to regulations and industry best practices.
Collaboration: You’ll work hand-in-hand with our Infrastructure, Platform, and IT Services teams, making the most of a SecOps approach.
Mentoring: You’ll provide guidance and support to less experienced team members, helping them grow.
Data Loss Prevention (DLP): You’ll monitor, maintain, and enhance our DLP controls across email, endpoints, and cloud services.
Data-Centric Security: You’ll champion a data-centric security approach, making sure data classification, handling, and protection are embedded from design to deployment.
Zero Trust: You’ll promote and support Zero Trust Architecture principles, continuously verifying identities, devices, and access requests.
Security Awareness: You’ll develop and maintain internal security awareness materials to educate our staff on evolving threats.
Attack Simulation: You’ll contribute to planning and delivering attack simulation training (like phishing campaigns) to boost user resilience.
Flutter Collaboration: You’ll liaise with other Flutter brands, ensuring our security approaches and technology align.
Cloud Security Integration: You’ll work with development, DevOps, and cloud engineering teams to embed cloud security controls into our CI/CD workflows and infrastructure-as-code.
Cloud Security Posture: You’ll utilise cloud-native and third-party security tools to keep an eye on our cloud security posture and ensure we’re always aligned with best practices.
What you’ll bring:
Hands-on technical experience supporting security solutions on cloud technology platforms (preferably AWS, including EC2, VPC, IAM, S3, Control Tower, Config, Security Hub) and traditional on-premise environments.
Awareness of how to secure a mix of Linux, Windows, Apple & Android OS.
Knowledge of network perimeter security, including firewalls, WAF, anti-virus, and O365 compliance & security centre.
Familiarity with NIST (CSF Framework 2.0), ISO 27001, PCI-DSS, and GDPR.
Experience operating and managing SIEM solutions, vulnerability management tools, and secure configuration tooling.
Ability to use PowerShell and Python scripting for security automation.
Experience working in or with agile and/or SecOps oriented teams.
A proven track record of analysing security requirements and applying architectural best practices.
Previous work experience in an IT, InfoSec, or system administration role.
Commercial awareness and the ability to balance security needs with operational flexibility.
Confidence in promoting security best practices across all business levels.
Bonus points if you have:
Professional qualifications like CompTIA Security+ or AWS certifications.
Experience contributing to the security architecture and design of cloud-native solutions, including secure workload deployment, cloud network segmentation, and IAM strategies within AWS.
Proficiency in implementing and managing Cloud Security Posture Management (CSPM) tools.
Knowledge of Cloud Workload Protection Platforms (CWPP) for securing containers, serverless workloads, and virtual machines.
Working knowledge of DevSecOps methodologies.
Ability to contribute to cloud solution threat modelling and secure design reviews.
A bit about you:
Passion! You’re genuinely passionate about your career path and love what you do.
Communication skills. You can express your ideas clearly, whether you’re chatting with technical gurus or non-technical colleagues.
A desire to learn. We’re all about continuous improvement, and we want people who want to improve themselves too.
Confidence to suggest improvements. Got a brilliant idea? We want to hear it! We’re always looking to do things better.
Highly motivated with a “can do” attitude and the ability to use your own initiative.
A “down to earth” working style.
A spirit of fun and engagement!
Ready to join our amazing team and help us keep tombola safe and secure for everyone? Apply now and let’s chat!
Role tech stack
Life at
tombola
Browse all roles
Culture overview
We’re ambitious, we’re growing quickly and we’re looking for awesome people to join our already awesome team. #tombolalife is a lot of fun - we take pride in what we do, we work hard and we work together. We’re excited about the future and the team that will make an impact.
Employee benefits
Bonus Scheme
Cycle To Work
Flexible Working
Free Food
Free Parking
Gym Membership
Laptop
Learning Allowance
Life Insurance
Pension
Private Healthcare
Office vibe
City Centre
Friday Drinks
Hackathons
Open Plan
Social Events
Location
Tech at
tombola
Go to profile
Leadership
James Conway
Director of Technology
Engineering principles
Agile Process
Code Reviews
Communication and collaboration
Continuous delivery
Continuous Development
Continuous integration
Knowledge sharing
Mentoring
Micro services
Pair programming
Rapid release cycles
Test Driven Development
Unit testing
Company tech stack
See more