Senior Cloud & Application Security Engineer

We are looking for a Senior Cloud & Application Security Engineer to design, implement and manage security controls across cloud environments and applications, protecting Cuscal’s payments and data services. What is this role about?As the Senior Cloud & Application Security Engineer, you’ll play a key part in securing cloud-native workloads, integrating security into the software development lifecycle (SDLC), and ensuring compliance with regulatory and industry security standards. The role will work closely with development, DevOps, and infrastructure teams to embed security best practices and drive continuous security improvements across cloud and application landscapes.Here’s some more insight into what you’ll work on,Cloud Security Architecture:Design and implement security solutions for cloud-native and hybrid-cloud environments.Develop and enforce security architecture patterns, controls, and automation within cloud services and infrastructure as code (IaC).Configure and manage cloud security services such as identity and access management (IAM), encryption, logging, and monitoring.Application Security & DevSecOps:Embed security within the SDLC through secure coding practices, automated security testing, and CI/CD pipeline integrations.Conduct static (SAST) and dynamic (DAST) application security testing, container security scanning, and API security assessments.Threat & Vulnerability Management:Identify and mitigate security risks in cloud and application environments through threat modelling, penetration testing, and vulnerability assessments.Implement and maintain security controls to defend against cloud and application-specific attack vectors.Support incident response by analysing cloud and application security events and recommending mitigations.Develop and maintain incident response playbooks specifically focused on data breaches and protection failures.Security Tooling & Automation:Implement and maintain security tools such as Cloud Security Posture Management (CSPM)Develop security automation using scripting (Python, PowerShell) and cloud-native security services.Enhance visibility and detection capabilities by integrating cloud security logs into SIEM solutions.