Cloud Security Engineer

Policy Expert is a forward-thinking business that loves to get things done. Leveraging proprietary technology and smart data, we offer reliable products and a wow customer experience.

Having achieved rapid growth since being founded in 2011, we’ve won over 1.5 million customers in Home, Motor and Pet insurance and have been ranked the UK’s No.1‑rated home insurer by Review Centre since 2013. 🏆

At PolicyExpert, the DevSecOps team focuses on application, cloud, and cybersecurity to ensure security is integrated throughout the software development lifecycle. Our goal is to empower tech teams to build and deploy secure applications and platforms by embedding security best practices, automating security checks, and fostering a culture of shared responsibility. Becoming part of the DevSecOps team means joining a high‑impact, forward‑thinking group dedicated to securing the business and its customers. Team members collaborate with development, platform, IT, and Compliance teams to mitigate risks, enhance compliance, and enable faster, safer software delivery, ultimately strengthening the organisation’s competitive edge and fostering customer trust.

• Contribute to AWS and GCP cloud security initiatives, ensuring robust protection and compliance.
• Configure and manage Cloud Native Application Protection Platform (CNAPP) and cloud‑native security tools.
• Integrate and customise Infrastructure as Code (IAC) scanning in CI/CD pipelines to detect and remediate vulnerabilities early.
• Implement cloud security controls like SCP, RCP, GCP Organisation Policies, network segmentation, data protection, and threat detection.
• Secure runtime environments (ECS, cloud services) and ensure CI/CD pipeline hardening.
• Collaborate with teams on threat modelling and security reviews to promote a security‑first culture.
• Perform regular vulnerability management and remediation activities.
• Maintain compliance with standards such as ISO 27001, PCI, and GDPR.
• Participate in the first responder rota (working hours only) as the point of contact for development team security queries, threat intelligence reviews, and incident response.

• Proven experience delivering cloud security improvements across an organisation.
• Proficiency with Cloud Native Security tooling, including GuardDuty, GCP Security Command Center, CSPM, CNAPP, EDRs, Egress Firewalls.
• Strong background in AWS, GCP, cloud computing concepts, and cloud security best practices.
• Strong background in threat modelling and vulnerability management.
• Previous experience as a platform engineer
• Knowledge of security incident management and response.
• Relevant certifications such as CISSP, CCSP, AWS Security Specialty, GCP Cloud Security Engineer or similar.

• 15 minute Chat with someone from our Internal Talent Team
• 1 Hour and 30 mins Technical Interview with our Lead DevSecOps Engineer
• 30 mins Culture fit interview with Tech Principal of Platform Engineering

📍 This role will be based in our London office in a 50/50 Hybrid mode.

💸 We match your pension contributions up to 7%

📚 Learning budget of £1,000 a year + Study leave (with encouragement to use it)

😁 Enhanced maternity & paternity

🚉 Travel season ticket loan

🎟️ Access to a wide selection of London O2 events and use of a Private Lounge

“We pride ourselves on being an equal opportunity employer. We treat all applications equally and recruit based solely on an individual’s skills, knowledge, and experience. The quality and growing diversity of our team is a testament to this commitment.”

At Policy Expert, we are committed to fostering an inclusive and supportive environment for all candidates. If you require any reasonable adjustments during the interview process to accommodate your needs, please do not hesitate to let us know. We are dedicated to ensuring every candidate has an equal opportunity to succeed and will work with you to provide the necessary support.

We aim to be in touch within 14 working days of your application – you will be notified if successful or unsuccessful. Please be encouraged to apply even if you do not meet all the requirements.

Interested in building your career at Policy Expert? Get future opportunities sent straight to your email.