Enable job alerts via email!
AWS Security Architect
Lynx Recruitment Ltd
Greater London
On-site
GBP 70,000 - 90,000
Full time
Generate a tailored resume in minutes
Land an interview and earn more. Learn more
Job summary
A leading consultancy is seeking an AWS Security Architect who possesses deep knowledge of AWS internals and strong coding skills. Your role includes conducting threat modeling, building IaC-driven security checks, and performing cloud-native testing. This hands-on position requires experience in security automation within CI/CD pipelines and the ability to collaborate with engineering teams. A relevant Technical/IT degree (2:1 or above) is essential, and experience with tools like Terraform and AWS CDK is preferred.
Qualifications
- Deep AWS internals knowledge is crucial for the role.
- A 2:1 or above in a Technical/IT degree is required.
- Proven experience in threat-modelling using STRIDE or attack trees is essential.
Responsibilities
- Conduct threat modeling and architecture reviews of AWS services.
- Build IaC-driven security checks and CI/CD gates.
- Perform cloud-native testing and guide fixes directly via PRs.
- Enable DevSecOps by working with platform teams on security practices.
- Contribute to team documentation and knowledge sharing.
Skills
Education
Tools
Lynx are working with a leading consultancy who partner with fast-moving engineering teams who build and run their businesses in the cloud. They need pragmatic, code-literate security specialists.
They're looking for a hands-on AWS Security Architect who lives and breathes AWS. You'll dissect designs, model attack paths, and show engineering teams what good really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. They don't expect you to know everything - just to be curious, practical, and willing to dive in.
Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships.
Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/CD gates, and CSPM rules to enforce secure defaults at scale.
Hands-On Testing & Hardening: Perform cloud-native testing (IAM escalation, container escape attempts, infra abuse) and guide fixes directly via PRs.
DevSecOps Enablement: Pair with platform teams, review Terraform/CloudFormation/Kubernetes, and promote least privilege, logging, and runtime controls.
Knowledge Sharing: Contribute to documentation, demos, and continuous learning within the team.
Deep AWS internals knowledge
Technical/IT degree (2:1 or above)
Proven threat-modelling experience (STRIDE, attack trees, etc.)
Strong coding skills (Python, Go, Rust, etc.)
IaC expertise - Terraform, CrossPlane, Pulumi, CloudFormation, AWS CDK
CI/CD security automation experience (GitHub Actions, GitLab CI, Jenkins, etc.)
AWS Security Specialty, SANS, OSCP (skills over certificates, though!)
Multi-cloud or hybrid security experience
Container security & supply-chain/SBOM tooling
Applied cryptography fundamentals (KMS, envelope encryption, etc.)
Incident response or red/blue/purple team exposure
OSS security contributions or AWS community involvement
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
