Cloud Security Engineer (Automation & Tooling) - Engine by Starling

About Engineering at Engine by Starling <p>At Engine by Starling, we don't do "checkbox security"-we build security software. We treat security as a first-class engineering discipline, where the solution to a threat isn't a policy, but a <strong>robust, concurrent system written in Go</strong>.</p> <p>As a <strong>Cloud Security Software Engineer</strong>, you will be a hands-on builder responsible for the security architecture of our multi-tenant core banking platform. You'll spend your days architecting and writing Go-based tooling, automating defenses, and ensuring our infrastructure across AWS and GCP is secure by design and compliant by default.</p> The Mission <p>Your mission is to solve complex security problems through <strong>software engineering</strong>, focusing on three core pillars:</p> <ul> <li> <strong>Identity & Network Security:</strong> Engineering high-performance IAM controls and zero-trust network architectures. You will lead the way in refining edge-defense strategies and trust redirection, ensuring every request is verified and encrypted at scale.</li> <li> <strong>Unified Vulnerability Orchestration:</strong> Architecting a custom "single pane of glass" for security data. You will build <strong>Go-based API integrations</strong> and microservices that bridge scanning engines, dependency trackers, and internal portals into a seamless, automated ecosystem.</li> <li> <strong>Compliance as Code:</strong> Building the automated systems that provide real-time evidence for frameworks like SOC 2, ISO 27001 & PCI. You'll ensure we stay compliant through continuous, automated validation rather than manual overhead.</li> </ul> The Team <p>You will be a key member of our growing Security Engineering team, working at the intersection of Infrastructure, Cross-Cutting, and GRC. We operate like a specialized product team: we identify security friction and build the software to eliminate it. You won't work in a silo; you'll collaborate with engineers across the business to deliver a platform that is resilient by default.</p> About You <p>We are looking for <strong>Software Engineers</strong> who are passionate about the <strong>Go ecosystem</strong> and want to apply those skills to mission-critical security challenges. Whether you come from a Security Engineering background or you are a Backend Engineer with a "security-first" mindset, we value your ability to write clean, maintainable, and efficient code.</p> What you'll get to do <ul> <li> <strong>Engineering Security Tooling:</strong> Lead the design and maintenance of our internal security tool suite, written primarily in <strong>Go</strong>, to automate evidence collection and real-time remediation of security alerts.</li> <li> <strong>Infrastructure as Code:</strong> Write and peer-review <strong>Terraform</strong> and custom providers to manage identity and core infrastructure across AWS and GCP.</li> <li> <strong>Supply Chain Security:</strong> Build automated systems to manage container provenance and integrate security analysis into our CI/CD pipelines (GitHub Actions/TeamCity).</li> <li> <strong>Cloud Native Defense:</strong> Engineer Kubernetes security solutions leveraging <strong>Cilium</strong>, eBPF, and custom controllers to protect our microservices.</li> <li> <strong>Cryptographic Engineering (PKI):</strong> Build and maintain our <strong>Go-based Certificate Authority (CA) tooling</strong> and internal PKI infrastructure.</li> <li> <strong>Incident Response:</strong> Support the team in automated incident response, building the tools that help us investigate and mitigate threats faster.</li> </ul> Requirements What skills are essential: <ul> <li> <strong>Go Specialist:</strong> You are proficient in <strong>Go</strong>. You understand its concurrency models, testing patterns, and how to build idiomatic, performant services.</li> <li> <strong>The Builder Mindset:</strong> You find manual work a personal affront. If a task needs to be done twice, you've already started planning the automation for it.</li> <li> <strong>Cloud Native:</strong> Practical experience with AWS or GCP, ideally managed through <strong>Terraform</strong>.</li> <li> <strong>Container Expertise:</strong> You understand Kubernetes internals-from the runtime security to the service mesh.</li> <li> <strong>Identity & Networking:</strong> Strong understanding of cloud identity models and network protocols.</li> </ul> What skills are desirable: <ul> <li>Experience with <strong>Cilium</strong> or eBPF-based security monitoring.</li> <li>Knowledge of <strong>Sigstore/Cosign</strong>, image provenance, and SBOMs.</li> <li>Familiarity with hardware security modules (HSMs) or advanced cryptography.</li> <li>Cloud-native security certifications (AWS/GCP).</li> </ul> Benefits <ul> <li>33 days holiday (including public holidays, which you can take when it works best for you)</li> <li>An extra day's holiday for your birthday</li> <li>Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off</li> <li>16 hours paid volunteering time a year</li> <li>Salary sacrifice, company enhanced pension scheme</li> <li>Life insurance at 4x your salary & group income protection</li> <li>Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton</li> <li>Generous family-friendly policies</li> <li>Incentives refer a friend scheme</li> <li>Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks</li> <li>Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing</li> </ul> <p></p><img src="https://www.jobg8.com/Tracking.aspx?G0hIdw8wptsqTodZ05Vy%2f4wnOj7GLYmBq" width="0" height="0" />