Senior Cloud Security Engineer

Who are we?👋

Look at the latest headlines and you will see something Ki insures. Think space shuttles, world tours, wind farms, and even footballers’ legs. 

Ki’s mission is simple. Digitally disrupt and revolutionise a 335-year-old market. Working with Google and UCL, Ki has created a platform that uses algorithms, machine learning and large language models to give insurance brokers quotes in seconds, rather than days. 

Ki is proudly the biggest global algorithmic insurance carrier. It is the fastest growing syndicate in the Lloyd's of London market, and the first ever to make $100m in profit in 3 years. 

Ki’s teams have varied backgrounds and work together in an agile, cross-functional way to build the very best experience for its customers. Ki has big ambitions but needs more excellent minds to challenge the status-quo and help it reach new horizons.

Where you come in?

As a senior and highly experienced Cloud Security Engineer, you'll be working closely with engineering teams across Cloud Services, Infrastructure, Product teams to help embed risk-conscious technical security controls in our services and products, development workflows and activities.

You'll be responsible for designing, implementing, and managing robust security measures across our cloud platforms. This role involves collaborating with cross-functional teams to develop security strategies, automate security processes, and proactively identify and mitigate potential threats. You will work on cloud native security tooling, automating our work, and leveraging infrastructure of code.

This role is expected to use AI to build automation and agentic AI workflows responsibly, to improve productivity, while ensuring safe use, data protection, and appropriate security controls.

What you will be doing: 🖋️

Cloud Security Architecture & Design

• Design and implement security architectures for cloud-based systems, including GCP, Azure, AWS or hybrid environments
• Design secure cloud architectures for AI/LLM workloads and AI-enabled services, including isolation patterns, secure networking, and hardened runtime configurations
• Ensure the reproducibility of security configurations and infrastructure through infrastructure-as-code (IaC), specification driven development(SDD), and automated deployment pipelines
• Automate cloud security processes leveraging agentic AI harnesses.
• Design and implement robust security measures across our cloud platforms
• Be opinionated regarding Ki's current architecture, able to suggest improvements

Security Governance & Policy

• Develop and enforce security policies, standards, and guidelines for cloud services
• Ensure cloud environments meet regulatory and compliance requirements such as ISO 27001, SOC 2, SOX ITGC, NIST, GDPR, etc
• Conduct and automate regular security assessments and audits
• Enable cloud security governance (Azure, GCP and AWS) with security monitoring, cloud security posture and vulnerability management

Incident Response & Monitoring

• Monitor cloud environments for security breaches and respond to incidents
• Conduct root cause analysis, create incident reports, and implement remediation strategies
• Triage & prioritise mitigation of vulnerabilities adhering to our remediation policies

Identity & Access Management

• Manage and implement IAM policies, roles, and permissions to enforce the principle of least privilege and zero trust
• Develop solutions for secure authentication and authorisation mechanisms

Data Security & Compliance

• Ensure data security and compliance through encryption, data masking, and secure storage practices
• Implement DLP (Data Loss Prevention) and data classification technologies

 Security Automation & DevSecOps

• Develop automated security controls, processes, and work with Terraform, Kubernetes
• Define secure-by-default automation patterns for AI-enabled systems, including observability and policy-as-code controls
• Integrate security tools and technologies with CI/CD pipelines to enhance DevSecOps practices
• Automate your work by writing code and contributing to infrastructure and security tooling around our platforms in the cloud

 Collaboration & Enablement

• Work closely with development, operations, and product teams to integrate security into the system development lifecycle
• Mentor junior security engineers and provide guidance on cloud security best practices
• Provide guidance and hands-on implementation advice in application security, aligning to industry best practices and frameworks
• Organise regular penetration tests and ad-hoc security assessments
• Develop and optimise technical controls for platform integrations
• Diligently document your work and share knowledge with the engineers
• Help facilitate and manage the Security Champions network across the engineering teams
• Organise regular security training sessions

Requirements

A successful candidate will have:

• You have extensive experience working with one of the major public cloud providers (preferably GCP and Azure) and understand network infrastructure
• Strong understanding of identity management, network security, firewalls, VPNs, IDS/IPS, and WAFs
• Hands-on scripting or programming experience with Python, Golang, or similar languages, delivered services or automation into production
• Hands-on experience with security tools such as SIEM, vulnerability scanners, EDR/XDR, and cloud security posture management (CSPM) tools
• You understand the Kubernetes ecosystem and security considerations around it
• You have experience with AI augmented development flows, and you can steer agents effectively for high quality outcomes that you can understand and explain
• You have worked with agile development teams before collaboratively
• The ability to troubleshoot and solve cloud related security issues independently
• Google Cloud Platform and Azure Experience
• Experience with CNAPP, and CSPM type tools like Wiz
• Experience with Kubernetes, Docker, and container security
• Experience with Infrastructure-as-Code using Terraform / OpenTofu, HCL
• Experience with CI tools such as Github Actions, Azure DevOps, pipeline builds, release packaging and artefact management
• Enterprise-wide agile methodologies and practices

Desirable Qualifications

• GCP professional cloud security engineer qualification desirable
• Experience or familiarity with securing LLM systems and AI agent harness and tool access patterns