Senior Cyber Security Engineer

ENSEK is at an exciting inflection point as we scale at pace towards new international horizons. If you’re driven by solving complex, real‑world problems and want to protect resilient, cloud‑native platforms that accelerate the global energy transition, you’ll feel right at home with us.

About the role

As a Senior Cyber Security Engineer you will embed security into the DNA of our B2B SaaS platform. You’ll partner with Engineering, SRE, Risk and Product to build security into every part of our product lifecycle, enabling high‑velocity delivery without ever compromising trust or resilience.

This is a hands‑on, high‑impact role. You’ll influence architecture, automate security controls, strengthen detection & response, and drive a measurable uplift in our security posture. You’ll define our standards, lead threat modelling, and champion secure‑by‑design practices across an engineering organisation that’s modernising rapidly and ready for your expertise.

Key responsibilities:

• Security architecture & design: Collaborate with engineering and platform teams to design secure solutions, perform threat modelling and review designs for cloud, container and service‑based architectures.

• Cloud security: Define and enforce secure configurations, network segmentation, identity and access controls for public cloud (primarily AWS).

• Application & infrastructure hardening: Implement secure coding practices, vulnerability management, secrets management and runtime protections for services and CI/CD pipelines.

• Detection & response: Build and maintain monitoring, logging and alerting for security events; lead incident response and post‑incident reviews to drive remediation and lessons learned.

• Incident Management: Support ENSEK’s 24/7 Incident Management processes to ensure security and stability for clients.

• Automation & tooling: Automate security checks, policy enforcement and remediation using IaC, CI/CD integrations and custom tooling where appropriate.

• Compliance & assurance: Work with Risk, Legal and InfoSec to embed controls that support regulatory, privacy and contractual requirements across new territories.

Key outcomes:

• Measurable risk reduction: Clear evidence of reduced exposure through vulnerability metrics, patch timelines and remediation actions.

• Robust detection capability: High‑fidelity alerts and shortened MTTD/MTTR for security incidents with thorough RCA and preventative measures.

• Secure-by‑design practices adopted: Engineering teams consistently apply threat modelling, secure coding and automated security gates.

• Compliance readiness: Security controls aligned with regulatory and contractual requirements for current and new markets.

Experience required:

• 5+ years’ experience in cyber security within cloud‑native environments, DevOps or platform engineering contexts.