Lead Cloud Security Engineer

Internet connected and smart home products are growing areas for Dyson where we aim to continue our reputation of being innovative and disruptive.

Since our first launch of products in connected space, we have grown fast to several millions of connected machines, and we are envisioning a steep growth in 2023 and beyond both in scale and connected features.

We want to expand the team to continue to build reliable, scalable, and secure services and features to support the increasing demands of innovative and competitive technologies in IoT, Machine Data Lake, Data Analytics and Machine Learning to support our vision.

We have a ‘You build it, you run it’ ethos and run all our services within Amazon Web Services (AWS). Our teams are responsible for the architecture, development, testing, and operational support of their services in all environments.

As a Lead Cloud Security Engineer within the Connected Cloud department, you will work closely with our cloud development teams and engineers to ensure that our cloud native IoT platform, associated tooling and the cloud services that we design, build and deploy are secure. 

In addition, you will explore innovative ways to improve our overall security posture and deal with common security challenges presented by our cloud workloads.

We primarily leverage AWS to host and secure our services, along with:

• Cloudflare to protect our public facing endpoints
• Azure DevOps for CI/CD orchestration
• AWS OpenSearch/ELK, Grafana for application monitoring
• Azure Sentinel for our Security Incident & Event Management platform
• Palo Alto Prisma for compliance monitoring and adherence with cloud best practices
• Veracode for SAST/SCA for scanning our cloud microservices and containers.
• C#, Node.js, and Python to create our services

In this role you will:

• Promote good security hygiene and best practices.
• Define security requirements, guidelines and policies for our engineers, platforms, tooling and services
• Work alongside our Cloud teams supporting, assisting and advising how to design and build secure services and platforms
• Conduct Threat Modelling to identify and assess our security risks, threats and vulnerabilities and provide a pragmatic risk-balance approach for remediating and applying mitigation where necessary 
• Advocate and drive a shifting left mentality to ensure possible threats or security issues can address early within the development cycle
• Work with the wider Dyson software teams to design and improve the security of our current and future products
• Ensure we comply with regulatory requirements and Dyson security standards
• Identify new technologies, tools, and approaches to help continually improve our security posture to address the ever-changing threat landscape.
• Act as point of contact for any security related queries or issues and educate our engineers in security best practices

Job Requirements

• Experience in securing cloud services (e.g. AWS, Azure, GCP)
• Good understanding of security best practices, ranging from governance and compliance through to vulnerability management
• Some level of coding experience (in any language)
• Exposure to Agile working practices and outstanding communication skills
• Ability to keep abreast of cloud security advisories, alerts, security trends and practices
• Have a background in either secure software development and/or securing cloud-based solutions and tooling. 

Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other any other dimension of diversity.