Cloud Security Engineer
Hatfield, Hertfordshire, UK
“We are on a mission to transform the future of grocery retail through sustained technology innovation.”
Ocado Technology is putting the world’s retailers online using advanced artificial intelligence, robotics, big data, the cloud and IoT. We develop the innovative software and hardware systems that power Ocado.com, as well as the unique ‘Ocado Smart Platform’ which is being implemented by ambitious retailers across the world from Europe to America, Asia and beyond. With everything from websites to highly automated warehouses that we design in-house, our employees are skilled specialists with expertise across a wide range of technologies, working on cutting-edge innovations that are shaping the future of our society.
We are a fast- growing company: today we have colleagues in 7 development centre across the UK and Europe, with offices open in London, Hatfield, Welwyn Garden City (UK), Krakow, Wroclaw (Poland), Sofia (Bulgaria) and Barcelona (Spain), with a satellite office in Stockholm (Sweden).
We champion a value-led culture to get our teams working at their very best and to help create a collaborative working environment with inspiring projects that our people love. Core values of Trust, Autonomy, Craftsmanship, Collaboration and Learn Fast help drive our innovative culture. But don’t just take our word for it, have a look at what our people are saying about us on Glassdoor.
What does the team do
Engineering Productivity (EngProd), our vision is that Development teams intuitively, and symbiotically, utilise our tools so they are as empowered, and informed, as possible in the creation and delivery of world beating solutions.
As a member of the Cloud Security function, you will be building upon the managed services, APIs and expertise of Amazon Web Services. You will be working alongside development and infrastructure teams to design, deliver, automate and operate all the security aspects of our Cloud Platform which hosts our business critical applications.
This function seats within a cross functional, agile team and we are looking for candidates from a variety of backgrounds with a strong understanding of Cloud Computing (especially in AWS) and a demonstrable record as Security Engineer.
This function is critical to provide Cloud Security Infrastructure products and services as well as daily Support on security (eg. Advisory & Consultancy) to teams in Engineering Productivity and more widely to Ocado Technology.
If you have experience as a Security Engineer, DevOps Engineer with Security focus in AWS environment, Linux System & Network Engineer with strong Security focus, we would like to hear from you.
What would I be doing / Learning?
You'll enjoy being part of the team if you like: learning fast (through experimentation, self-motivation etc); being autonomous but able to collaborate (sharing knowledge is important to us); craftsmanship and innovation (we never stop questioning how we can be better).
In terms of career progression and future prospects, this role offers tangible opportunities to contribute in forging the Cloud Security strategy, to work with and influence directly senior stakeholders and to drive the formation of the Cloud Security team.
In the role you will:-
- Own, maintain and operate a portfolio of Security related products deployed on an increasing number of production environments
- Eg Cloud Conformity, AWS WAF, AWS Guard Duty, AWS Inspector, AWS Shield, AWS IAM, AWS Firewall Manager, AWS CloudTrail, etc
- Providing advice, training and mentoring to teams in Cloud Services and beyond in areas that can enhance security visibility in the AWS Cloud Environments.
- Identify gaps in our security posture and capture them in well described RFCs
- Identify and adopt best-in-class IDS/IPS system at the Internet edge of our environments
- Identify and adopt best-in-class Security information and event management (SIEM) system to analyse logs for suspicious activity and creates alerts
- Champion, plan and implement Security Compliance policies (eg SOC-2, PCI, etc) and kitemarks
- Stay current with security related Cloud Technologies, including emerging trends, best practices, commonly adopted security strategies, and popular security related third-party solutions.
- Supporting production systems on Security related vulnerabilities as required, outside of standard working hours and participating in 24x7 on-call rota.
What we are looking for
- Demonstrable experience of Public Cloud technologies (AWS preferred).
- Solid understanding of Cybersecurity concepts, including threats, vulnerabilities, security operations, encryption, boundary defence, authentication and risk management.
- Demonstrable experience with network and system security tools in the Cloud, including network firewalls, intrusion detection systems and intrusion prevention systems, anti-malware, vulnerability scanning, encryption, monitoring and developing technical engineering artifacts.
- Some level of experience in software development (eg python) and/or scripting abilities (Linux shell).
- Some experience with Security compliance (eg AWS Config, PCI, etc)
- The inclination and ambition to “Automate Everything”
- Proficiency in English (both verbal and written).
It would be a bonus if you have experience with any of the below technologies, but do not feel hesitant to apply if you don’t.
- Some level of experience in some of the following area:
- Vulnerability Detection systems (eg AWS Security Hub, AWS Guard Duty, AWS Inspector, Cloud Trail, AWS Trusted Advisor, Cloud Conformity, SplunkCloud, etc )
- Cloud Infrastructure Protection strategies (eg WAF, AWS Shield, Control Tower’s Guard Rail, AWS Firewall Manager, AWS Organisations: Service Control Policies, AWS Network Firewall, etc)
- Cloud Infrastructure Incident response (eg Shield Advance, Amazon Detective, etc)
- Understanding of Web Services architectures.
- The inclination to document what done and produce an easy to follow audit trail
What we offer you
Our employee benefits are designed for you, we care about people and we’ve ensured we have a wealth of benefits that focus on your well-being. Within our flexible environment we can offer technically stretching work, a competitive salary and share schemes. Benefits include private health care, pension scheme, access to mental health apps such as “Unmind”, free shuttle bus from Hatfield train station and of course, healthy Ocado retail staff discounts.
We also have regular divisional socials, sports clubs not to mention the Ocado Technology Academy for a packed schedule of courses, conferences and events such as discussion sessions, conference briefs and external guest speakers. If you think you have what it takes to make a difference, please submit your application below.
Be bold, be unique, be brilliant, be you. We are looking for individuality and we value diversity above gender, sexual orientation, race, nationality, ethnicity, religion, age, disability or union participation. We are an equal opportunities employer and we are committed to treating all applicants and employees fairly and equally.
We are thrilled to welcome applicants from across the world. While we are able to offer sponsorship, please note that unfortunately we are unable to cover the cost of your visa at this time. We do cover the relevant company costs for visa sponsorship. For all employment offers made for UK roles, it is expected that you will be based in the UK in commutable distance, ready for your first day of work, so please keep this in mind. If you have any questions, please don't hesitate to ask.Due to the energising nature of Ocado's business, vacancy close dates, when stated, are indicative and may be subject to change so please apply as soon as possible to avoid disappointment. Please note: If you have applied and been rejected for this role in the last 6 months, or applied and been rejected for a role with a similar skill set, we will not re-evaluate you for this position. After 6 months, we will treat your application as a new one.