Cloud Security Lead - OUTSIDE IR35 - Hybrid Dublin About the RoleAs a Cloud Security Engineer within the Cyber Engineering & Architecture function, this role owns the definition, governance and continuous improvement of cloud security posture across IaaS, PaaS and SaaS services. This hands-on role provides security architecture, standards and control governance for cloud platforms, ensuring secure-by-design patterns, guardrails and posture management that protect critical services and data while enabling rapid delivery. In addition to deep expertise in cloud security, the role holder is expected to collaborate and support with the wider Cyber Engineering team, supporting resilience in cyber domains, and creating an integrated strategy to protect company applications, assets and to the Head of Cyber Engineering & Architecture, this role delivers appropriate and proportionate technical measures by ensuring cloud security controls, identity and access safeguards, logging/monitoring enablement and resilience patterns are defined and governed across cloud platforms. The role will partner closely with the IT Cloud Operations team who operate, manage and support cloud infrastructure, and with the Product Engineering teams, maintaining a clear RACI between security control ownership and operational execution.Initial Success Factors*Build cloud IaaS and SaaS security reference architectures, landing zone security standards and baseline control blueprints*Improve cloud posture visibility and governance through Cloud Security Posture Management, including measurable reduction in high-risk misconfigurations and exceptions.*Logging and monitoring requirements standardised and enabled to support effective detection and incident investigation across cloud services.*Establish repeatable secure-by-design review process for cloud changes (IaaS/PaaS/SaaS), integrated with delivery ways of working.Principal Accountabilities*Own cloud security policies, standards, secure-by-design architectures and baseline control requirements across IaaS, PaaS and SaaS.*Define and govern cloud security posture management requirements and remediation workflows (including risk-based prioritisation and exception handling).*Establish secure cloud architecture patterns for network segmentation, IAM design, secrets management, encryption, key management and secure connectivity.*Ensure cloud logging and monitoring requirements are defined and implemented to enable protective monitoring and incident investigation.*Partner with Cloud Ops to embed automated guardrails and policy-as-code where appropriate, reducing manual control drift and enabling scale.*Act as cloud security SME for incidents and high-risk findings, supporting containment and root-cause Accountabilities / Responsibilities*Provide security architecture reviews for new cloud services and significant changes, ensuring alignment to standards and enterprise architecture.*Collaborate with Cyber Defence to ensure cloud telemetry and detections are aligned with monitoring coverage and response playbooks.*Contribute to cloud security awareness and enablement for delivery teams (secure patterns, anti-patterns, and reusable blueprints).*Support multi-cloud risk assessments and third-party SaaS security reviews where required.Qualifications, Competencies and ExperienceEssential Qualifications / Experience*Minimum of 10 years' cloud industry experience with at least 5 years in cloud security / cyber engineering roles.*Proven hands-on experience securing cloud environments using native security controls and patterns (IAM, networking, logging, encryption)*Experience with Cloud Security Posture Management (CSPM), building compliance detection and enforcement policies, and remediation of cloud misconfigurations.*Experience working with Cloud Operations teams to implement security standards via change and delivery processes.*Cloud security certifications (e.g., AWS Security Specialty, CCSP, or equivalent).Essential Competencies / Skills*Direct experience with shared responsibility models and secure cloud architecture patterns.*Ability to define pragmatic security standards and blueprints that enable delivery teams to reduce risk.*Strong capability in security control design for IAM, network security, data protection and resilience within cloud environments.*Comfortable working with automation and infrastructure-as-code concepts to reduce manual control drift.*Hands-on experience with Cloud Security Posture Management platforms e.g. Palo Prisma Cloud, Crowdstrike CSPMDesirable Criteria*Exposure to Azure and GCP security controls and posture management concepts.*Experience integrating cloud logs and signals into SIEM/SOC monitoring and supporting cloud incident response.*Proven engineering and/or architecture experience in at least one other Cyber domain e.g. infrastructure security, network security, identity security
Identity Lead - OUTSIDE IR35 Read on to find out what you will need to succeed in this position, including skills, qualifications, and experience. About the Role The Senior Identity Security Engineer within the Cyber Engineering & Architecture function, will be responsible for the lifecycle, performance, and strategic direction of the organisation's identity security and identity and access management (IAM) platforms and services, including Privileged Access, to ensure digital identities (employees, contractors, machines) are properly managed, secured, and governed and access to company systems are appropriate protected. This role will have ownership of identity security policies, standards, architectures and technologies to deliver identity services, including oversight of the management and operations of Identity platforms and critical infrastructure (Active Directory & MS Entra). Context Reporting to the Head of Cyber Engineering & Architecture, this role will develop and manage centralised identity controls and services for the organisation, delivering a simple, frictionless and self-service end user experience, while enabling robust controls that protect company digital identities. Automation in identity management will be key, standardising IAM processes, reducing human error and accesses needed for manual activities in AD / Entra, limiting exposure to identity compromises. This role will be a key contributor and collaborator with the overall IT & Cyber teams, to ensure identity controls are part of an integrated strategy, protecting our applications and data, and enabling effective incident detection and response. Initial Success Factors * Build Identity security zero trust reference architecture and standards for fundamental compliance, defensive, preventive and responsive controls * Deliver automation improvements for joiners/movers/leavers and access governance workflows, reducing manual tasks, misconfigurations and admin accesses by support staff * Establish baseline of the current identity security posture, identifying opportunities for quick wins addressing critical risks, control or process gaps. * Implement initial identity security posture improvements e.g. AD & Entra configuration hardening, privileged access hygiene, high risk non-compliance metrics Principal Accountabilities * Own identity security policies, standards and architecture patterns across AD, Entra, PAM, and IAM/IGA services. * Lead program of continuous improvements of identity security controls, PAM and IAM lifecycle processes, enabling self-service and scalable services through automation * Own security posture management for Active Directory and Entra configurations and infrastructure, treating identity as a critical enterprise asset. * Lead design and governance of identity lifecycle management processes and controls for employees, contractors, third parties and non‑human identities. * Own privileged access management requirements and secure patterns as part of identity services (privileged access lifecycle, role design, access reviews). * Lead the engineering and governance of IAM workflows via SailPoint (access requests, provisioning/deprovisioning, certifications/access reviews, RBAC/role models). * Provide SME support during incidents relating to identity compromise, privileged access misuse or access control failures, and drive root‑cause remediation. * Ensure alignment with compliance requirements & regulations Additional Accountabilities / Responsibilities * Stay informed of threats facing the organization to proactively drive ongoing improvements in our overall identity risk posture * Partner with technology teams to embed secure-by-design identity patterns into applications and platforms (authentication, authorisation, SSO patterns). * Collaborate with Cyber Defence to ensure identity telemetry and signals support detection and response use cases. * Maintain identity security blueprints, standards and documentation to support consistent implementation and audit readiness. * Provide direction and oversight to third party providers that are supporting and operating identity services and platforms * Collaborate with IT and support teams, to continually identify opportunities to automate identity or access related tasks, removing the needs for privileged access into AD Qualifications, Competencies and Experience Essential Qualifications / Experience * Minimum of 12 years' industry experience with at least 8 years in identity hands-on roles. * Proven technical experience with Active Directory and Entra (Azure AD) in enterprise environments and maintaining secure configuration and posture of same. * Hands‑on experience designing, implementing and governing identity lifecycle and access lifecycle processes using an IGA platform * Experience designing & implementing privileged access management controls and processes * Experience implementing zero trust patterns and controls * Relevant certifications e.g., Microsoft identity/security, CISSP/CISM/CIAM/CRISC Essential Competencies / Skills * Strong understanding of IAM principles including least privilege, RBAC, access reviews/certifications, segregation of duties concepts and lifecycle governance. * Ability to define secure identity architecture patterns and translate them into practical standards and blueprints. * Strong automation mindset with scripting/workflow capability (e.g., PowerShell or equivalent) to reduce manual processes and improve control reliability. * Strong stakeholder management skills across HR, IT, application and security teams. xsokbrc * Engineering experience with Identity Protection, IAM, and governance e.g. SailPoint, CyberArk, BeyondTrust, MS Defender for Identity, Crowdstrike Identity, SilverFort Desirable Criteria * Experience with identity threat detection concepts and integration with SOC monitoring. * Experience with non‑human identity governance patterns and modern authentication protocols
Cloud Security Lead - OUTSIDE IR35 - Hybrid Dublin You can get further details about the nature of this opening, and what is expected from applicants, by reading the below. About the Role As a Cloud Security Engineer within the Cyber Engineering & Architecture function, this role owns the definition, governance and continuous improvement of cloud security posture across IaaS, PaaS and SaaS services. This hands‑on role provides security architecture, standards and control governance for cloud platforms, ensuring secure‑by‑design patterns, guardrails and posture management that protect critical services and data while enabling rapid delivery. In addition to deep expertise in cloud security, the role holder is expected to collaborate and support with the wider Cyber Engineering team, supporting resilience in cyber domains, and creating an integrated strategy to protect company applications, assets and data. Context Reporting to the Head of Cyber Engineering & Architecture, this role delivers appropriate and proportionate technical measures by ensuring cloud security controls, identity and access safeguards, logging/monitoring enablement and resilience patterns are defined and governed across cloud platforms. The role will partner closely with the IT Cloud Operations team who operate, manage and support cloud infrastructure, and with the Product Engineering teams, maintaining a clear RACI between security control ownership and operational execution. Initial Success Factors * Build cloud IaaS and SaaS security reference architectures, landing zone security standards and baseline control blueprints * Improve cloud posture visibility and governance through Cloud Security Posture Management, including measurable reduction in high‑risk misconfigurations and exceptions. * Logging and monitoring requirements standardised and enabled to support effective detection and incident investigation across cloud services. * Establish repeatable secure‑by‑design review process for cloud changes (IaaS/PaaS/SaaS), integrated with delivery ways of working. Principal Accountabilities * Own cloud security policies, standards, secure‑by‑design architectures and baseline control requirements across IaaS, PaaS and SaaS. * Define and govern cloud security posture management requirements and remediation workflows (including risk‑based prioritisation and exception handling). * Establish secure cloud architecture patterns for network segmentation, IAM design, secrets management, encryption, key management and secure connectivity. * Ensure cloud logging and monitoring requirements are defined and implemented to enable protective monitoring and incident investigation. * Partner with Cloud Ops to embed automated guardrails and policy-as-code where appropriate, reducing manual control drift and enabling scale. * Act as cloud security SME for incidents and high‑risk findings, supporting containment and root‑cause remediation. Additional Accountabilities / Responsibilities * Provide security architecture reviews for new cloud services and significant changes, ensuring alignment to standards and enterprise architecture. * Collaborate with Cyber Defence to ensure cloud telemetry and detections are aligned with monitoring coverage and response playbooks. * Contribute to cloud security awareness and enablement for delivery teams (secure patterns, anti‑patterns, and reusable blueprints). * Support multi‑cloud risk assessments and third‑party SaaS security reviews where required. Qualifications, Competencies and Experience Essential Qualifications / Experience * Minimum of 10 years' cloud industry experience with at least 5 years in cloud security / cyber engineering roles. * Proven hands‑on experience securing cloud environments using native security controls and patterns (IAM, networking, logging, encryption) * Experience with Cloud Security Posture Management (CSPM), building compliance detection and enforcement policies, and remediation of cloud misconfigurations. * Experience working with Cloud Operations teams to implement security standards via change and delivery processes. * Cloud security certifications (e.g., AWS Security Specialty, CCSP, or equivalent). Essential Competencies / Skills * Direct experience with shared responsibility models and secure cloud architecture patterns. * Ability to define pragmatic security standards and blueprints that enable delivery teams to reduce risk. * Strong capability in security control design for IAM, network security, data protection and resilience within cloud environments. * Comfortable working with automation and infrastructure‑as‑code concepts to reduce manual control drift. * Hands-on experience with Cloud Security Posture Management platforms e.g. Palo Prisma Cloud, Crowdstrike CSPM Desirable Criteria * Exposure to Azure and GCP security controls and posture management concepts. xsokbrc * Experience integrating cloud logs and signals into SIEM/SOC monitoring and supporting cloud incident response. * Proven engineering and/or architecture experience in at least one other Cyber domain e.g. infrastructure security, network security, identity security
