# Cloud Security Engineer (Automation & Tooling) - Engine by Starling > Starling · London, United Kingdom (Hybrid) · Full-time · Posted 2026-03-19 **Workplace:** hybrid **Department:** Infrastructure Engineering ## Description ### About Engineering at Engine by Starling At Engine by Starling, we don't do "checkbox security"—we build security software. We treat security as a first-class engineering discipline, where the solution to a threat isn't a policy, but a **robust, concurrent system written in Go**. As a **Cloud Security Software Engineer**, you will be a hands-on builder responsible for the security architecture of our multi-tenant core banking platform. You’ll spend your days architecting and writing Go-based tooling, automating defenses, and ensuring our infrastructure across AWS and GCP is secure by design and compliant by default. ### The Mission Your mission is to solve complex security problems through **software engineering**, focusing on three core pillars: - **Identity & Network Security:** Engineering high-performance IAM controls and zero-trust network architectures. You will lead the way in refining edge-defense strategies and trust redirection, ensuring every request is verified and encrypted at scale. - **Unified Vulnerability Orchestration:** Architecting a custom "single pane of glass" for security data. You will build **Go-based API integrations** and microservices that bridge scanning engines, dependency trackers, and internal portals into a seamless, automated ecosystem. - **Compliance as Code:** Building the automated systems that provide real-time evidence for frameworks like SOC 2, ISO 27001 & PCI. You’ll ensure we stay compliant through continuous, automated validation rather than manual overhead. ### The Team You will be a key member of our growing Security Engineering team, working at the intersection of Infrastructure, Cross-Cutting, and GRC. We operate like a specialized product team: we identify security friction and build the software to eliminate it. You won’t work in a silo; you’ll collaborate with engineers across the business to deliver a platform that is resilient by default. ### About You We are looking for **Software Engineers** who are passionate about the **Go ecosystem** and want to apply those skills to mission-critical security challenges. Whether you come from a Security Engineering background or you are a Backend Engineer with a "security-first" mindset, we value your ability to write clean, maintainable, and efficient code. ### What you’ll get to do - **Engineering Security Tooling:** Lead the design and maintenance of our internal security tool suite, written primarily in **Go**, to automate evidence collection and real-time remediation of security alerts. - **Infrastructure as Code:** Write and peer-review **Terraform** and custom providers to manage identity and core infrastructure across AWS and GCP. - **Supply Chain Security:** Build automated systems to manage container provenance and integrate security analysis into our CI/CD pipelines (GitHub Actions/TeamCity). - **Cloud Native Defense:** Engineer Kubernetes security solutions leveraging **Cilium**, eBPF, and custom controllers to protect our microservices. - **Cryptographic Engineering (PKI):** Build and maintain our **Go-based Certificate Authority (CA) tooling** and internal PKI infrastructure. - **Incident Response:** Support the team in automated incident response, building the tools that help us investigate and mitigate threats faster. ## Requirements ### What skills are essential: - **Go Specialist:** You are proficient in **Go**. You understand its concurrency models, testing patterns, and how to build idiomatic, performant services. - **The Builder Mindset:** You find manual work a personal affront. If a task needs to be done twice, you’ve already started planning the automation for it. - **Cloud Native:** Practical experience with AWS or GCP, ideally managed through **Terraform**. - **Container Expertise:** You understand Kubernetes internals—from the runtime security to the service mesh. - **Identity & Networking:** Strong understanding of cloud identity models and network protocols. ### What skills are desirable: - Experience with **Cilium** or eBPF-based security monitoring. - Knowledge of **Sigstore/Cosign**, image provenance, and SBOMs. - Familiarity with hardware security modules (HSMs) or advanced cryptography. - Cloud-native security certifications (AWS/GCP). ## Benefits - 33 days holiday (including public holidays, which you can take when it works best for you) - An extra day’s holiday for your birthday - Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off - 16 hours paid volunteering time a year - Salary sacrifice, company enhanced pension scheme - Life insurance at 4x your salary & group income protection - Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton - Generous family-friendly policies - Incentives refer a friend scheme - Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks - Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing ## Apply [Apply at Starling](https://apply.workable.com/starling-bank/j/04657FA2B4/apply) --- Powered by [Workable](https://www.workable.com)