Senior Cloud Security Engineer

Who We Are

Cint is a pioneer in research technology (ResTech). Our customers use the Cint platform to post questions and get answers from real people to build business strategies, confidently publish research, accurately measure the impact of digital advertising, and more. The Cint platform is built on a programmatic marketplace, which is the world's largest, with nearly 300 million respondents in over 150 countries who consent to sharing their opinions, motivations, and behaviours.

We are feeding the world's curiosity

Job Description

Our vision for the role

We are searching for an experienced Senior Cloud Infrastructure Security Engineer with an unquenchable thirst for automation and a passion for DevSecOps methodology. You'll be working with a team of other engineers to build out and secure our expanding cloud infrastructure in AWS. While this is a hands-on engineering position (not a CISO or a consulting role), you will need the confidence and gravitas to heavily influence engineers and managers across a wide technical function.

The team holds itself accountable to a high standard of build quality. We have recently completed the first major phase of a completely green-field infrastructure and platform rebuild that is designed to underpin Cint's business applications for the next decade, while scaling to support a 10-fold growth in revenue. We are compulsive about infrastructure as code (nothing in our platform is created or deployed unless via a code change) and driven to achieve a full end to end continuous deployment pipeline.

Major elements of our platform include AWS (we make significant use of S3, RDS, Kinesis, EC2, EMR, ElastiCache, ElasticSearch and EKS). Elements of the platform will start to expand into GCP (Compute Engine, Cloud Storage, Google Kubernetes Engine and BigQuery). Other significant tools of the platform include Linux, Terraform, Kubernetes, Docker, Packer, Ansible and Jenkins. We support applications and services written in Golang, Python, Java, Scala and .Net. We monitor and alert on everything we deploy via Grafana, Prometheus, Graphite and ELK stacks.

You will be someone that shares our values and ambitions and can bring security best practices and specific cloud security expertise to the party. You will additionally be the kind of person that is energised by complex challenges, teamwork and problem solving. In return, we can offer a great tech culture, highly competitive compensation packages and employment benefits.

Qualifications

Responsibilities

• Work as part of the Infrastructure team defining and improving our general security posture across legacy and green field resources including data, applications and networks
• Provide point of expertise on application, data and network security to our wider engineering teams - engaging with them in order to ensure consistent adoption of security policies and best practice
• Participate in the automation of software to our cloud platform and embed security into our methodology, embracing DevSecOps
• Improve our monitoring and alerting systems to enhance them with specific and relevant security data points
• Participate in an on-call rotation and assist with troubleshooting issues that arise
• Defining and implementing a Security Incident Response process/policy with regular evolvement, testing and adherence

Required Qualifications

• Three years or more experience in Cloud Infrastructure roles (predominantly AWS) working within teams that practice DevSecOps
• Ability to interact comfortably with AWS via CLI and/or API
• Proficient in managing Infrastructure exclusively with Terraform
• Specific expertise in threat assessment, attack surface management, data security, the network stack at L4 and L7, DNS, VPC security, IGW, WAF and CloudFront
• Experience designing and managing IAM policies, roles and trust policies
• Good knowledge of most of VPN, MFA, SAML, OAuth2, KMS and TLS
• Good knowledge of some IdP (Okta, OneLogin, Auth0) frameworks and integrations
• Experience building and running Docker images/containers securely, including container orchestration security
• Experience of code security audit, static and dynamic analysis, defensive programming techniques and visualisation and measurement of security KPIs
• Expertise in at least one scripting or programming language (Python, Bash, Ruby, Node, Golang, Java)
• Plays well with others - we build and ship as a team

Advantageous Qualifications

• AWS Certified Security Specialist
• Hands on experience designing and implementing security controls within GCP
• Experience defining and operating a Security Incident Response process
• Good knowledge of monitoring and alerting using one or more of: Graphite, Statsd, Prometheus, Grafana, OpenSearch
• Any experience of ISO27001 certification processes
• Understanding of "cloud native" and 12-Factor applications
• Offensive or defensive penetration testing experience

Additional Information

Our Values

Collaboration is our superpower

• We uncover rich perspectives across the world
• Success happens together
• We deliver across borders.

Innovation is in our blood

• We're pioneers in our industry
• Our curiosity is insatiable
• We bring the best ideas to life.

We do what we say

• We're accountable for our work and actions
• Excellence comes as standard
• We're open, honest and kind, always.

We are caring

• We learn from each other's experiences
• Stop and listen; every opinion matters
• We embrace diversity, equity and inclusion.

More About Cint

We're proud to be recognised in Newsweek's 2025 Global Top 100 Most Loved Workplaces, reflecting our commitment to a culture of trust, respect, and employee growth.

In June 2021, Cint acquired Berlin-based GapFish – the world's largest ISO certified online panel community in the DACH region – and in January 2022, completed the acquisition of US-based Lucid – a programmatic research technology platform that provides access to first-party survey data in over 110 countries.

Cint Group AB (publ), listed on Nasdaq Stockholm, this growth has made Cint a strong global platform with teams across its many global offices, including Stockholm, London, New York, New Orleans, Singapore, Tokyo and Sydney. )

Additionally, in a world of AI, we want our candidates to understand our approach to the use of AI during the interview and hiring process, so we'd appreciate you reading our AI usage guide.