Security Engineer

Our team of hundreds of skilled experts keep Formula 1 moving. We re on the lookout for a Security Engineer. Reporting to the Cyber Security Manager, the main purpose of this role is to support the development and management of security technologies across F1 s growing technology landscape.

Main Duties & Responsibilities:

• Assess and maintain high standards of security maturity across Formula 1 s cloud infrastructure
• Focus on new and existing infrastructure, managing technical vulnerabilities, support continued system maintenance, and minimise technical debt
• Ensure visibility and reporting of Cloud infrastructure against Formula 1 s compliance and security standards (such as ISO 27001 and CIS)
• Main duties to be carried out include, but not limited to:
• Vulnerability Management and reporting across Formula 1 s cloud environment(s), including:
• Development of requirements, design, and implementation of cloud security tools (E.g. compliance and host security)
• A key focus on threat detection and risks across cloud environments
• Identification, remediation, and reporting of security vulnerabilities
• Reporting on compliance to F1 s security standards
• Support in the delivery and management of security design and architecture reviews
• Working closely with Infrastructure teams on security design and control strategies to reduce risks
• The definition and operation of secure development / operations (DevOps) practices, inc. code scanning, Kubernetes, container security.
• System and device hardening policies and reporting
• Technology focused threat assessments to identify threats/risks
• Documentation of security requirements, patterns, and processes
• Liaising closely with Formula 1 s cyber security, infrastructure, and digital teams on new and existing initiatives.

About You:

• Extensive hands-on experience with AWS cloud infrastructure inc. AWS Security Services (CloudTrail, Guard Duty, WAF, IAM, Security Hub etc.)
• Knowledge of CI/CD including DevSecOps patterns and principles
• Infrastructure as code experience utilising Terraform
• Knowledge of container technologies
• Extensive experience with AWS Security Services & Governance and Information Security Best Practices
• Experience with other enterprise cloud platforms e.g. Azure
• Kubernetes experience
• Identity & Access Management deployment and administration (e.g. Okta, Entra ID)
• Web application security technologies WAF, Bot Protection, DDOS Protection, etc.
• Adaptable, passionate and a team-player

Division:

Technical