AWS Security Engineer


AWS Security & Vulnerability Remediation Engineer

Contract | 3 Months Initial | Outside IR35 | Hybrid (London)

Sector: Data, Digital Platforms & Technology

We are partnering with a technology‑led organization operating at scale in the data and digital platforms space, seeking an AWS Security & Vulnerability Remediation Engineer to support a focused cloud security improvement program. This is a hands‑on delivery role for a security engineer with deep AWS expertise who enjoys working directly with developers and platform teams to remediate real vulnerabilities in cloud environments, applications, and delivery pipelines.

Role Overview

The successful contractor will take ownership of end‑to‑end remediation of AWS and workload vulnerabilities, working closely with developers, data engineers, and an internal AWS Security Lead. The role combines strong AWS security fundamentals with practical DevSecOps and vulnerability management experience. AWS security is the primary technical focus; the ability to embed security into engineering workflows and drive findings through to closure is essential.

Key Responsibilities

- Own the full lifecycle of AWS and workload vulnerability remediation: validation, impact assessment, prioritisation, remediation, and closure
- Partner with development and data teams to implement secure fixes across:
  - Application code
  - Infrastructure as Code (IaC)
  - Containers and serverless workloads
  - Operating systems and third‑party packages
- Ensure remediation aligns with AWS security controls, internal risk policies, and compliance obligations
- Reduce repeat findings by strengthening preventative controls and guardrails
DevSecOps & Secure Delivery
- Embed security into CI/CD pipelines and the SDLC, including shift‑left reviews and pipeline guardrails
- Provide secure coding guidance, dependency management recommendations, and remediation patterns
- Improve and automate vulnerability management processes (scanning coverage, SLAs, exceptions, evidence capture)
AWS Security Tooling & Controls
- Configure, tune, and operate AWS‑native security services including:
  - GuardDuty
  - Security Hub
  - Inspector
  - AWS Config
  - IAM Access Analyzer
- Strengthen core AWS controls across identity, networking, compute, storage, and data services
- Support threat detection, posture management, and monitoring to reduce cloud exposure
Reporting, Validation & Incident Support
- Produce clear remediation guidance, runbooks, and dashboards for technical and non‑technical stakeholders
- Track remediation progress and demonstrate measurable risk reduction
- Support incident response and post‑remediation validation for high‑risk or exploited findings
Required Skills & Experience
AWS & Cloud Security (Essential)
- Deep, hands‑on AWS security experience across:
  - IAM, networking, compute, storage, serverless, and managed data services
- Strong understanding of the AWS Well‑Architected Security Pillar
- Practical experience implementing controls aligned to CIS AWS Foundations and NIST/ISO‑aligned frameworks
- Proven experience implementing and validating:
  - Least‑privilege IAM, roles, permission boundaries, SCPs, and access reviews
  - VPC segmentation, security groups, NACLs, private endpoints, WAF/Shield
  - Encryption in transit and at rest using KMS, TLS, and secrets management
  - Centralised logging and monitoring (CloudTrail, CloudWatch, Config, SIEM patterns)
  - AWS‑native threat detection and posture management
DevSecOps & Vulnerability Management (Essential)
- Strong understanding of modern SDLC, CI/CD, and DevSecOps practices
- Demonstrable experience managing the full vulnerability lifecycle:
  - Triage and validation
  - Risk‑based prioritisation (CVSS, EPSS, KEV)
  - Remediation and verification
  - Reporting and evidence
- Comfortable remediating findings across:
  - OS and package CVEs
  - Container images
  - Third‑party libraries
  - Serverless runtimes
  - Cloud misconfigurations
- Ability to translate security findings into clear, actionable engineering tasks
Engineering & Tooling
- Infrastructure as Code: Terraform and/or CloudFormation
- Scripting and automation using Python, Bash, or similar
- Container and serverless security exposure (ECR, ECS/EKS, Lambda)
- Experience with vulnerability and scanning tools such as:
  - AWS Inspector / Security Hub
  - Snyk, Trivy, Dependabot
  - Prisma, Qualys, Tenable (or equivalents)
Nice to Have
- AWS certifications (Security Specialty, Solutions Architect, or equivalent)
- Experience securing data platforms on AWS (Glue, EMR, Redshift, Athena, RDS, OpenSearch, MSK)
- Secure coding knowledge in Python, Node.js, Java, or core development stack
- Experience with policy‑as‑code and automated control enforcement (OPA, Conftest, tfsec, Checkov)
Personal Attributes
- Highly collaborative and pragmatic; comfortable working directly with engineers
- Strong risk judgement and ability to balance security with delivery impact
- Clear communicator, able to write concise remediation guidance and status updates
- Ownership mindset — you drive remediation through to completion, not just identification

Location: Greater London
Job Type: Full-time
