Senior Cloud Security Engineer

Senior Cloud Security Engineer

Team: Information Security
Working Pattern: Hybrid – 2 days per week in the Vitality Bournemouth Office. Full time, 35 hours per week.

What this role is all about: We're looking for a Senior Cloud Security Engineer to join us here  will play a key role in keeping our technology and member data safe. You’ll provide expert security guidance and hands‑on engineering support, working closely with teams across the business to embed effective security practices and ensure our environments are well managed and resilient.

From strengthening controls to supporting security operations and responding to emerging risks, you’ll help drive a proactive, always‑on approach to protecting what matters most.

Key Actions

• Own and champion Vitality’s Cloud Security toolsets, acting as the subject matter expert and providing high‑quality second‑line support
• Strengthen and evolve the configuration of security tooling across Vitality’s cloud environments, contributing to wider Information Security initiatives and projects
• Be the key liaison between internal Vitality teams, third‑party suppliers, and product vendors to ensure effective support and performance of applications and systems
• Proactively monitor security systems and tools, leading the response to security incidents and issues; support investigations and incident response, including participation in an on‑call security rota when required
• Provide trusted expert advice across Vitality on security applications and tooling best practice, enabling training, knowledge sharing, and capability uplift across Information Security and wider IT teams
• Communicate clearly and confidently with both technical and non‑technical audiences, influencing stakeholders and driving informed decision‑making
• Create and maintain clear technical documentation for system configurations, procedures, and operational processes
• Partner closely with architecture teams to support the design and delivery of new Security Operations Centre (SOC) capabilities
• Support the planning and delivery of penetration testing activities, owning the coordination and remediation of identified findings
• Actively contribute to the continuous improvement of Vitality’s Information Security posture, staying current with emerging threats, trends, and industry best practice

What do you need to thrive?

• Strong knowledge of cloud security across modern environments
• Advanced knowledge and hands‑on experience with attack methodologies and security testing
• Experience across penetration testing (application and network), App Sec, wireless security and vulnerability management
• Experience implementing and managing security controls (e.g. DLP, patching, RBAC, PAM, AV, DDoS mitigation, web proxy, vulnerability management)
• Understanding of Information Security principles, frameworks and regulatory requirements (e.g. ISO
  27001, FCA, PRA, ICO)
• Working knowledge of OWASP Top 10 and build/integration tools (e.g. Maven, Jenkins, Chef, TFS)
• Effective communication skills, including the ability to explain technical concepts and impacts to non‑technical stakeholders
• Ability to quickly learn new technologies and support others in understanding them
• Ability to work both alone and collaboratively within a team

So, what’s in it for you?

• Bonus Schemes – A bonus that regularly rewards you for your performance
• A pension of up to 12% – We will match your contributions up to 6% of your salary
• Our award‑winning Vitality health insurance – With its own set of rewards and benefits
• Life Assurance – Four times annual salary

At Vitality, we’re committed to diversity and inclusion because it’s good for our employees, for our business, and for society. We welcome applications from individuals of all backgrounds, experiences, and perspectives.