×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Cloud Computing

Cloud Security Engineer

Job in Salford, Manchester, Greater Manchester, M9, England, UK
Listing for: Finova
Full Time position
Listed on 2026-06-03
Job specializations:
  • IT/Tech
    Cybersecurity, Cloud Computing
Salary/Wage Range or Industry Benchmark: 100000 - 125000 GBP Yearly GBP 100000.00 125000.00 YEAR
Job Description & How to Apply Below
Location: Salford

Overview

Cloud Security Engineer - Manchester (Hybrid 3 Days Office)

About Finova

Finova is the UK’s largest financial services technology provider, supporting one in every five mortgages nationwide. Our agile, cloud-native solutions enable over 60 banks, building societies, specialist lenders, equity release providers and a network of 2,400+ brokers to stay ahead in a competitive market. Built on open architecture and backed by deep industry expertise, our platform is designed to scale. Each year, we process over £50 billion in loans, manage nearly £50 billion in savings, and support the digital servicing of more than 650,000 UK borrower accounts.

Be part of a team that’s driving innovation, enabling growth and shaping the future of UK lending.

About the Role

We’re looking for a Cloud Security Engineer to own the security posture of our multi-cloud SaaS fintech platform across AWS, Azure, and GCP. This is a hands-on, hybrid role. You’ll review Terraform pull requests, tune CSPM rules, and trace misconfigured storage buckets across multiple accounts to close gaps by day’s end.

Must-Have Experience
  • Professional

    Experience:

    4–6 years in cloud security, security engineering, or security-focused platform engineering, with hands-on production experience in regulated environments.
  • Multi-Cloud Mastery:
    Hands-on experience securing at least two of AWS, Azure, and GCP in production, and working familiarity with all three. You can navigate the consoles and APIs of all three without a tutorial open.
  • Infrastructure-as-Code:
    Deep experience with IaC security, primarily utilizing Terraform, plus at least one of Bicep, ARM, Cloud Formation, or Pulumi, alongside their associated policy-as-code tooling.
  • Cloud-Native Security Services:
    Practical knowledge of tools like Defender for Cloud, AWS Security Hub / Guard Duty / Macie / Inspector, and GCP Security Command Center / Chronicle—including their failure modes, not just their marketing.
  • Container Security:
    Practical experience with Kubernetes security (admission control, pod security, network policy, service mesh) and container supply-chain security (image signing, SBOMs, SLSA).
  • Guardrails as Code:
    Experience defining and operating cloud guardrails as code (AWS SCPs, Azure Policy, GCP Org Policies), including safe rollout strategies that avoid production disruption.
  • Network & Core Security:
    Solid understanding of cloud network security patterns (VPC/VNet design, private connectivity, egress filtering, DNS security) and secrets management (KMS, Key Vault, Secrets Manager, Hashi Corp Vault).
  • Sec Ops & Multi-Tenancy:
    Familiarity with cloud detection engineering (Cloud Trail, Activity/Audit Logs) and an understanding of how cloud-layer choices (account structure, networking, KMS keys, storage layout) dictate real SaaS tenant isolation.
  • Consultative Delivery:
    Experience working as a delivery engineer or consultant for a vendor or consultancy. You have shipped cloud security into customer environments under tight deadlines, navigated diverse stakeholder landscapes, and learned to be effective without direct platform ownership.
  • Communication:
    Clear communicator capable of explaining a cloud risk to a developer, a CFO, and an auditor—adjusting technical depth and language appropriately without compromising facts.
Nice-to-Have Experience
  • Experience working within fintech, payments, banking, or insurance environments.
  • Hands-on experience securing AI/ML cloud infrastructure (training clusters, GPU workloads, vector databases, model registries).
  • Experience with CNAPP / CIEM platforms (Wiz, Prisma Cloud, Orca, Microsoft Defender CNAPP, etc.) and an understanding of their trade-offs.
  • Familiarity with eBPF-based runtime security tooling (Falco, Tetragon, or commercial equivalents).
  • Experience with FedRAMP, ISO 27001, or other formal compliance regimes beyond SOC 2 / PCI-DSS.
  • Relevant industry certifications: AWS Security Specialty, AZ-500, GCP Professional Cloud Security Engineer, CCSP, CKS, or CISSP.
  • Strong scripting skills (Python, Power Shell, Go) for automation, custom tooling, and detection engineering.
  • Background in offensive cloud security, known cloud attack patterns, red team experience,…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search