Cloud Security Engineer (Automation & Tooling) - Engine by Starling

About Engineering at Engine by Starling

At Engine by Starling, we don't do "checkbox security"—we build security software. We treat security as a first-class engineering discipline, where the solution to a threat isn't a policy, but a robust, concurrent system written in Go.

As a Cloud Security Software Engineer, you will be a hands-on builder responsible for the security architecture of our multi-tenant core banking platform. You’ll spend your days architecting and writing Go-based tooling, automating defenses, and ensuring our infrastructure across AWS and GCP is secure by design and compliant by default.

The Mission

Your mission is to solve complex security problems through software engineering, focusing on three core pillars:

• Identity & Network Security: Engineering high-performance IAM controls and zero-trust network architectures. You will lead the way in refining edge-defense strategies and trust redirection, ensuring every request is verified and encrypted at scale.
• Unified Vulnerability Orchestration: Architecting a custom "single pane of glass" for security data. You will build Go-based API integrations and microservices that bridge scanning engines, dependency trackers, and internal portals into a seamless, automated ecosystem.
• Compliance as Code: Building the automated systems that provide real-time evidence for frameworks like SOC 2, ISO 27001 & PCI. You’ll ensure we stay compliant through continuous, automated validation rather than manual overhead.

The Team

You will be a key member of our growing Security Engineering team, working at the intersection of Infrastructure, Cross-Cutting, and GRC. We operate like a specialized product team: we identify security friction and build the software to eliminate it. You won’t work in a silo; you’ll collaborate with engineers across the business to deliver a platform that is resilient by default.

About You

We are looking for Software Engineers who are passionate about the Go ecosystem and want to apply those skills to mission-critical security challenges. Whether you come from a Security Engineering background or you are a Backend Engineer with a "security-first" mindset, we value your ability to write clean, maintainable, and efficient code.

What you’ll get to do

• Engineering Security Tooling: Lead the design and maintenance of our internal security tool suite, written primarily in Go, to automate evidence collection and real-time remediation of security alerts.
• Infrastructure as Code: Write and peer-review Terraform and custom providers to manage identity and core infrastructure across AWS and GCP.
• Supply Chain Security: Build automated systems to manage container provenance and integrate security analysis into our CI/CD pipelines (GitHub Actions/TeamCity).
• Cloud Native Defense: Engineer Kubernetes security solutions leveraging Cilium, eBPF, and custom controllers to protect our microservices.
• Cryptographic Engineering (PKI): Build and maintain our Go-based Certificate Authority (CA) tooling and internal PKI infrastructure.
• Incident Response: Support the team in automated incident response, building the tools that help us investigate and mitigate threats faster.

What skills are essential:

• Go Specialist: You are proficient in Go. You understand its concurrency models, testing patterns, and how to build idiomatic, performant services.
• The Builder Mindset: You find manual work a personal affront. If a task needs to be done twice, you’ve already started planning the automation for it.
• Cloud Native: Practical experience with AWS or GCP, ideally managed through Terraform.
• Container Expertise: You understand Kubernetes internals—from the runtime security to the service mesh.
• Identity & Networking: Strong understanding of cloud identity models and network protocols.

What skills are desirable:

• Experience with Cilium or eBPF-based security monitoring.
• Knowledge of Sigstore/Cosign, image provenance, and SBOMs.
• Familiarity with hardware security modules (HSMs) or advanced cryptography.
• Cloud-native security certifications (AWS/GCP).

• 33 days holiday (including public holidays, which you can take when it works best for you)
• An extra day’s holiday for your birthday
• Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
• 16 hours paid volunteering time a year
• Salary sacrifice, company enhanced pension scheme
• Life insurance at 4x your salary & group income protection
• Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
• Generous family-friendly policies
• Incentives refer a friend scheme
• Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
• Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing