Cloud Security Specialist- AWS

Job Description

Working Locations: Bristol, London

Working Style: 3 days a week in office, 2 days anywhere

About the role

We are seeking an AWS Cloud & AI Security Engineer to design, implement, and operate security controls across AWS cloud platforms, AI/ML workloads, and Generative AI (GenAI) services. The role has a strong focus on threat detection and response, with particular emphasis on Amazon GuardDuty, Inspector and its integration into enterprise‑scale security operations.

You will work closely with platform, MLOps, data science, and security teams to embed security‑by‑design, automate detection and response, and ensure AI systems are protected against evolving cloud and AI‑specific threats.

What you’ll be doing

• Secure AI/ML platforms using AWS SageMaker and Amazon Bedrock, covering notebooks, pipelines, endpoints, and inference workflows.
• Implement security controls for :
  1. Training and inference data isolation
  2. Protection of model artefacts and container images
  3. Secure GenAI endpoints and RAG data sources.
• Monitor and respond to GuardDuty and Cloudtrail findings related to:
  1. IAM credential compromise and anomalous API behaviour
  2. EC2, EKS, and container runtime threats
  3. S3 data access anomalies
  4. Network reconnaissance and crypto mining activity.
• Integrate GuardDuty with Security Hub, CloudWatch, and SIEM platforms.
• Tune findings, suppress false positives and align alerts with operational priorities.
• Develop automated response playbooks using Lambda and Step Functions.
• Lead incident response activities, containment, and root cause analysis.
• Contribute to threat modelling exercises for cloud, ML, and GenAI architecture.
• Feed lessons learned back into detection rules and preventative controls.
• Support compliance with internal security baselines and external regulatory requirements.
• Define and enforce controls governing how context, prompts, tools, plugins, and external data sources are exposed to AI models.
• Work with MLOps and platform teams to ensure MCP implementations follow least privilege and data minimisation principles.
• Awareness of emerging Gen AI attack vectors such as context/prompt injection, data leakage.
• Integrate AWS WAF with API Gateway to protect against common web and API specific attack patterns.

Essential Skills / Experience

• Deep expertise in IAM, VPC security, encryption, and network segmentation.
• Proven hands‑on experience with Amazon GuardDuty in production environments.
• Familiarity with SageMaker security constructs and Bedrock access controls.
• Familiarity with EKS runtime security and container threat detection.
• Understanding of Stride framework for threat modelling.
• Understanding of data protection, privacy, and model lifecycle risks.
• Familiarity with WAF protections and API threat mitigation techniques.
• Experience integrating API Gateway with Lambda, SageMaker endpoints, and Bedrock‑backed services securely.
• Experience with performing continuous vulnerability management using Amazon Inspector to identify security risks across EC2 instances, container images (ECR), and Lambda functions, ensuring timely remediation of critical findings and alignment with cloud security baselines.
• Sound understanding of OAuth 2.0/OpenID connect integrations, mTLS where required.
• Strong understanding of API authentication, authorisation, throttling, and abuse prevention.

Desirable Skills / Experience

• Experience working in automation‑driven, IaC‑based environments.
• Ability to tune and optimise GuardDuty to reduce noise and improve detection accuracy.
• Ability to define standards for secure AI APIs, including GenAI, MCPs, and agent‑based systems.
• Understanding of Model Context Protocols (MCPs) or equivalent patterns used in GenAI systems to pass prompts, tools, and contextual data to models.
• Experience defining security controls for agent‑based or tool‑driven GenAI systems.
• Hands‑on experience securing Amazon API Gateway in production environments.
• AWS certifications strongly preferred – AWS Security Speciality.
• Familiarity with GenAI interaction standards, orchestration layers, or AI gateways.
• Hands-on delivery experience with Amazon Bedrock to run agentic apps safely in production and build observability around them.

Our Package

Tailored benefits make a real difference. That’s why we offer a comprehensive range to support your growth, wellbeing, and everyday life.
You can design the package to suit you and your lifestyle. Your core benefits include:
• 10% on target annual bonus
• Access to an online private GP 24/7 for you and your immediate family
• Market-leading paid carers leave with up to 2 weeks off
• Equalized maternity, paternity, and adoption leave – 18 weeks’ full pay and 8 weeks’ half pay
• Discounted EE and BT products, including mobile and broadband
• Market leading Pension scheme – 5% from you and 10% from us
• Holiday purchase scheme
You can select additional benefits, including healthcare, dental, gym memberships and more when you’re ready.
Ready to connect for good and help shape the future? Apply now

BT Group is the UK’s leading communications group and the holding company behind some of the country’s most recognised brands – including BT, EE, Openreach and Plusnet. Our purpose is as simple as it is ambitious: we connect for good. Our customers include consumers, small, medium and large businesses, public sector organisations and other communications providers.

BT Group’s role is about setting direction, unlocking value and creating the conditions for our brands and businesses to thrive.

Having come through the most capital-intensive phase of our fibre investment, our focus now is on what comes next – simplifying how we operate, using technology and AI to work smarter, and organising ourselves to serve customers better and grow sustainably. Group teams shape strategy, policy, brand, capital allocation and transformation, helping the whole organisation perform at its best.

We have a singular culture that unites all our people: we are customer-first challengers, who are committed, clear and connected. These behaviours unite us as one team to deliver for our colleagues, our customers, our stakeholders and the country. Joining BT Group means working at the heart of a business that matters to the UK, with the opportunity to shape decisions, influence outcomes and help set the future course of one of the country’s most important companies.