Overview

At Engine by Starling, we are on a mission to find and work with leading banks around the world. Engine is Starling's SaaS business, built to power Starling and now available to banks and financial institutions globally. We are an engineering-led company that values: Listen, Keep It Simple, Do The Right Thing, Own It, and Aim For Greatness. Hybrid Working: we have a hybrid approach and prefer you to be within a commutable distance of our offices to collaborate in person.

About the role

As a Cloud Security Engineer at Engine, you will be a hands-on builder, responsible for engineering and automating the security of our core platform. Your primary mission is to treat security as an engineering discipline, creating robust, scalable, and automated solutions to protect our cloud infrastructure and development lifecycle. You will spend your time writing code (Go, Python), defining secure infrastructure-as-code (Terraform), and building tooling that ensures our platform is secure by design and compliant by default. This is a role for an engineer who loves to build, automate, and solve complex security problems through code.

You will work on projects covering identity and access management, cloud and network security, vulnerability management, security monitoring, security hardening, compliance reviews, and more. It is a varied role with close interaction with the infrastructure, security engineering, cross-cutting and compliance teams. You will join a team that values delivering new features across diverse tech stacks and actively participates in the security of multi-tenant SaaS cloud environments and internal infrastructure.

Responsibilities

• Design, build, and maintain security automation and tooling to enforce security controls and simplify compliance (e.g., automating evidence collection for frameworks like SOC 2, ISO 27001, or PCI DSS).
• Build, manage, and automate identity and access management controls to ensure secure access to our cloud platforms and applications.
• Write and review Infrastructure-as-Code (Terraform) to securely configure our AWS and GCP environments.
• Secure CI/CD pipelines by implementing and interpreting results from SAST/DAST/SCA tools and ensuring the integrity of our software supply chain.
• Develop and maintain preventative and detective security controls within our cloud environments, responding to and automating remediation of security alerts.
• Implement and automate technical controls based on findings from security assessments, audits, and architecture reviews.
• Engineer solutions to secure Kubernetes environments, focusing on RBAC, network policies, and runtime security.
• Collaborate with engineering teams to implement security best practices and provide hands-on remediation support.
• Contribute to incident response efforts, including investigation, remediation, and post-mortem analysis of security breaches.

Qualifications

What skills are essential:

• Strong, demonstrable hands-on experience in a software or infrastructure engineering role.
• A genuine passion for security, with proactive interest in threats, vulnerabilities, and best practices.
• Proficiency in at least one programming language, with a strong preference for Go, followed by Python.
• A mature understanding of cloud security architecture and hands-on experience securing core infrastructure and services in AWS or GCP.
• Experience with Infrastructure-as-Code, specifically Terraform.
• Aptitude for building tools and automating workflows to solve complex problems.
• Practical understanding of integrating security into the software development lifecycle.
• Experience securing containerised environments (Kubernetes) and CI/CD pipelines (e.g., GitHub Actions, TeamCity).
• Strong scripting skills in Bash.

What skills are desirable, but not essential:

• Proven experience creating custom tools or scripts to solve security challenges.
• In-depth knowledge of security principles, technologies, best practices and threat detection/mitigation strategies.
• Understanding of security principles, common attack vectors (OWASP Top 10, MITRE ATT&CK), and the threat landscape.
• Ability to identify potential threats, attack vectors, and vulnerabilities in systems and applications.
• Experience automating security controls for compliance like SOC 2, ISO 27001, or PCI DSS.
• Expertise in Kubernetes security (RBAC, clusters, meshes), networking best practices, and RBAC implementation (CKA/CKS a plus).
• Container security knowledge including container image provenance and runtimes.
• Strong understanding of network protocols, firewalls, IDS/IPS and WAFs.
• Understanding of integrating security into the software development lifecycle.
• Experience in cryptography management and cloud-native security logging, monitoring, and detection services.
• Experience performing secure code reviews and security approvals using SAST/DAST tools.
• Relevant security certifications such as AWS Security Specialist or GCP Professional Cloud Security Engineer.

Our Interview process

Interviewing is a two-way process and we want you to have time to get to know us as we get to know you. Our interviews are conversational. Generally, after a chat with our Talent Team you can expect:

• Initial interview with our Staff Security Engineer – ~45 minutes
• Take-home technical task to discuss in the next interview
• Technical interview with Security Engineer team members – ~1.5 hours
• Final interview with our CTO / deputy CTO – ~45 minutes

Benefits

• 33 days holiday (including public holidays, taken when it works best for you)
• An extra day off for your birthday
• Annual leave increases with length of service; option to buy or sell up to five extra days
• 16 hours paid volunteering time per year
• Salary sacrifice, company-enhanced pension scheme
• Life insurance at 4x your salary & group income protection
• Private Medical Insurance with VitalityHealth including mental health support and cancer care; partner benefits with Waitrose, Mr&Mrs Smith and Peloton
• Generous family-friendly policies
• Refer a friend incentives
• Perkbox membership for discounts and wellness resources
• Initiatives like Cycle to Work, Salary-Sacrificed Gym partnerships and EV leasing

About Us

You may be put off applying if you don’t tick every box. We’re open to discussion on flexible working. We’re on a mission to reshape banking, and we’re proud to bring together people of all backgrounds who love solving problems. Engine by Starling is an equal opportunity employer, and we’re committed to diversity and inclusion in the workplace. Applications are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, disability, military status, or any other protected characteristic.

When you provide information, you consent to processing in accordance with our Privacy Notice. By submitting your application, you agree that Engine by Starling and Starling will collect your personal data for recruiting and related purposes. Our Privacy Notice explains what data we process, where, why, and your rights regarding this information.