Could Security Engineer (AWS or Azure) Tesco Mobile
Role details
Job location
Tech stack
Job description
As a Cloud Security Engineer within the Run & Operate Chapter, you'll join our DevSecOps Squad, working alongside DevOps engineers, platform specialists, and the Cyber Security Team. Your mission: to secure and optimise our cloud platforms across Azure and AWS, embedding robust security practices into everything we build and operate.
This is a hands-on role where you'll define cloud security standards, drive improvements, validate infrastructure changes, and strengthen our detection and response capabilities. Your work will directly influence how we protect our services, customers, and engineering systems.
You will be responsible for
You will play a key role in securing and maturing Tesco Mobile's cloud environments (Azure and AWS):
- Define, maintain, and evolve cloud infrastructure security standards across AWS and Azure
- Act as a subject-matter expert on cloud and infrastructure security
- Lead and deliver cloud security improvement initiatives and posture management work
Operational Cloud Security
- Use services like Azure Security Center/Security Hub and AWS Security Hub to monitor and enhance posture
- Identify threats, risks, and misconfigurations - and implement effective mitigation strategies
- Validate infrastructure changes to ensure they meet security and compliance requirements
Collaboration & Strategy
- Work closely with the Cyber Security Team to align on strategy, controls, and company-wide initiatives
- Communicate risk and security improvements in a clear, business-focused way
- Support containerised environments and cloud-native workloads where relevant
Requirements
- Proven experience in cloud security operations with either Azure or AWS (ideally both)
- Hands-on experience with cloud security monitoring and posture management tools
- e.g., Azure Security Center, Azure Defender, AWS Security Hub
- Strong understanding of cloud governance, threat identification, and risk mitigation
- Experience integrating security controls into CI/CD pipelines
- Infrastructure as Code expertise (Terraform preferred)
- Logging/SIEM experience (e.g., Splunk, Sentinel, CloudWatch Logs)
- Automation skills using PowerShell, Azure CLI, AWS CLI, and/or Python
- Understanding of SAST, secure coding, and DevSecOps practices
- Collaborative mindset and eagerness to learn
Nice to have
- GitHub & GitHub Actions
- Experience with both AWS and Azure
- Exposure to Docker, Kubernetes, or cloud container security
- Experience creating dashboards, log ingestion or data streams in Splunk
#LI-AF2, Disability Confident About Disability Confident A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to .
Benefits & conditions
- Annual bonus scheme of up to 20% of base salary
- Holiday starting at 25 days plus a personal day (plus Bank holidays)
- Private medical insurance
- 26 weeks maternity and adoption leave (after 1 years' service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave
- Free 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
