Information Security Consultant 1

AWS Cloud Security Consultant

About Spike Reply:

Spike Reply is a Company within the Reply Group focusing on cybersecurity and protection of digital assets. Its mission is to safeguard the Confidentiality, Integrity and Availability of Data and Systems that empower its Clients to innovate and generate growth for a global, sustainable digital world. Together with its Partners, the Company provides vendor-agnostic consulting services that help Enterprises achieve group-wide aligned, security-oriented solutions and culture.

Role overview:

We're looking for a hands-on Cloud Security Consultant who lives and breathes AWS. Your core role is to be the engineer that can dissect designs, model attack paths, and give hands-on examples to teams of what good looks like. On any given engagement you might threat model, assess pipelines, learn a DSL from a security vendor so that you can complete a proof of concept, or build toolkit to help your team. We don't expect you to know it all.

Responsibilities:

• Threat modelling & architecture reviews - break down new AWS-backed services, map trust boundaries, build attack trees, and define security requirements before a single line of code is merged.
• Security automation - write and maintain IaC-driven checks, custom Lambda/Step-Functions, CI/CD gates, and CSPM rules so that secure defaults are enforced at scale.
• Hands-on testing & hardening - abuse the infrastructure you just modelled (cloud-native pen-testing, IAM privilege escalation drills, container escape attempts) and guide remediation in pull-requests.
• DevSecOps enablement - pair with platform engineers, review Terraform/CloudFormation/Kubernetes manifests, and champion least privilege, logging, and runtime controls.
• Knowledge sharing - you're keen to share what you've learned, and are on a continuous learning journey.

About the candidate:

Must-haves

• A minimum Bachelor's degree (2.1 or higher) is required in Computer Science, or in a Technology-related field
• Deep AWS internals knowledge
• Proven threat-modelling chops (STRIDE, attack-trees, or other methodologies ).
• Strong coding ability in at least one language (Python, Go, Rust, etc.).
• IaC expertise: Terraform, CrossPlane, Pulumi, CloudFormation, AWS CDK, etc.
• CI/CD security automation (GitHub Actions, GitLab CI, Jenkins pipelines, etc.).

Nice-to-haves

• AWS Security Specialty, SANS, or OSCP certs (we value skills over badges).
• Experience securing multi-cloud or hybrid (Azure/GCP/on-prem) environments.
• Container security and supply-chain SBOM tooling.
• Applied cryptography fundamentals (KMS, envelope encryption patterns, etc.).
• Cloud incident response or red/blue/purple-team experience.
• Contributions to open-source security tools or AWS community forums.

Reply provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type regardless of age, sexual orientation, gender, identity, pregnancy, religion, nationality, ethnic origin, disability, medical history, skin colour, marital status or parental status or any other characteristic protected by the Law.