Explore roles
Falcon Chase International
AWS Cloud Security Engineer
Private salary
London
Remote or hybrid
RECENTLY POSTED
Graduate
Junior
Mid
Senior
Leader
Description
Role Overview
We are seeking an AWS Security Engineer to take end-to-end ownership of cloud security across discovery, design, implementation, and large-scale workload migration.
This role is central to a major AWS transformation programme, including:
AWS Landing Zone establishment
EUC/Citrix-to-Amazon WorkSpaces modernisation
Full on-premises datacentre migration
You will be responsible for defining and embedding security controls across identity, compliance, guardrails, monitoring, MFA/Conditional Access, and ongoing hardening of production environments.
Key Responsibilities
Validate MFA, Conditional Access, encryption, and logging during the discovery phase
Design and embed IAM, RBAC, federation, and authentication patterns into cloud architectures
Define AWS security guardrails, Service Control Policies (SCPs), monitoring, and compliance baselines
Configure and manage IAM roles, key management, encryption, logging, AWS CloudTrail, AWS Config, GuardDuty, and Security Hub
Support AWS Landing Zone build-out, including identity federation, tagging standards, auditing, and multi-account governance
Implement security hardening for VDI/Amazon WorkSpaces/Citrix environments, including MFA, Conditional Access, and admin console security
Validate security controls during pilot migrations and large-scale migrations (200+ workloads), covering IAM, MFA, encryption, and BCP requirements
Support CIS benchmarking, public-sector standards, compliance testing, and penetration-testing readiness
Tune monitoring dashboards, alerting, and incident triage during hypercare and post-migration phases
Required Skills & Experience
Strong hands-on experience as an AWS Security Engineer
Deep expertise in AWS IAM, RBAC, SCPs, and AWS Organizations
Experience implementing MFA, Conditional Access, and Entra AD federation
Solid understanding of CIS benchmarks, compliance frameworks, encryption, AWS KMS, and RPO/RTO
Proven experience enabling and operating GuardDuty, Security Hub, CloudTrail, and AWS Config
Exposure to security validation at migration scale within complex AWS environments
Role tech stack
AWS
AWS Config
AWS IAM
Falcon Chase International
AWS Cloud Security Engineer
Share role