AWS Cloud Security Engineer

Role Overview We are seeking an AWS Security Engineer to take end-to-end ownership of cloud security across discovery, design, implementation, and large-scale workload migration. This role is central to a major AWS transformation programme, including: AWS Landing Zone establishment EUC/Citrix-to-Amazon WorkSpaces modernisation Full on-premises datacentre migration You will be responsible for defining and embedding security controls across identity, compliance, guardrails, monitoring, MFA/Conditional Access, and ongoing hardening of production environments. Key Responsibilities Validate MFA, Conditional Access, encryption, and logging during the discovery phase Design and embed IAM, RBAC, federation, and authentication patterns into cloud architectures Define AWS security guardrails, Service Control Policies (SCPs), monitoring, and compliance baselines Configure and manage IAM roles, key management, encryption, logging, AWS CloudTrail, AWS Config, GuardDuty, and Security Hub Support AWS Landing Zone build-out, including identity federation, tagging standards, auditing, and multi-account governance Implement security hardening for VDI/Amazon WorkSpaces/Citrix environments, including MFA, Conditional Access, and admin console security Validate security controls during pilot migrations and large-scale migrations (200+ workloads), covering IAM, MFA, encryption, and BCP requirements Support CIS benchmarking, public-sector standards, compliance testing, and penetration-testing ..... full job details .....