Cloud Security Engineer

Job Description

We are hiring Cloud Security Engineer to uplift our AppSec engineering capability and own the availability, reliability, integration, and lifecycle of the SDLC security toolchain. This is a platform engineering role. Our AppSec toolset currently centres on GitHub Security following the retirement of Black Duck, and we expect to onboard a broader end-to-end consolidated application security platform. You will help us run today’s tooling well, and industrialise what comes next.

Important scope note: Infrastructure-as-Code (IaC) scanning is out of scope for this role (already transitioned and owned elsewhere) but in will be advantages if you have this experience.

Key responsibilities

1. Tooling reliability and operational ownership

• Own day-to-day health of the AppSec tooling stack: availability, performance, resilience, upgrades, and lifecycle management.
• Define and maintain SLOs, monitoring, alerting, capacity planning, and incident playbooks/runbooks.
• Establish clear support and maintenance procedures aligned to a platform-team model (frontline ops teams consume the tools and deliver the services).

2. SDLC integration and developer enablement

• Build and maintain secure, reusable CI/CD integrations (templates, standard pipelines, reusable workflows).
• Deliver friction-reducing automation: self-service onboarding, safe defaults, guardrails, and consistent configuration across repositories.
• Integrate tooling outputs into operational workflows (ticketing, reporting, and triage queues owned by frontline ops).

3. Governance, access control, and enterprise fit

• Ensure tooling aligns to enterprise needs: SSO/SAML, RBAC, audit logging, data handling, and platform security requirements.
• Produce clear documentation and reference patterns: how to onboard, how to maintain, and what good looks like.
• Partner with platform/DevOps teams to make changes safely with minimal business impact.

4. Tool strategy and onboarding (Q4 consolidation)

• Support evaluation activities: hands-on trials, integration prototypes, scoring input, and fit-for-environment validation.
• Plan and execute onboarding/migration: architecture, rollout waves, communications, deprecation strategy, and measurable adoption.
• Ensure cost, performance, and data impacts are understood and controlled.

Skills and experience

Must have

• Strong background in platform engineering, DevSecOps, or security tooling engineering with a track record of running production-grade tooling.
• Proven experience integrating security tooling into CI/CD at scale (workflow templates, reusable automation, API integration).
• Proven experience onboarding security tooling from scratch, including requirements gathering, drafting RFI/RFP documents, vendor scoring, proof-of-concepts, evaluation, contract finalisation, structured adoption planning, and leading enterprise-scale rollout/migration.
• Solid scripting/coding ability (e.g., Python, Go, or similar) and comfort with infrastructure-as-code concepts.
• Good operational instincts: debugging, incident response, change management, and writing runbooks people actually use.
• Ability to work across teams and influence outcomes without owning everyone’s priorities.
• Ability to translate technical concepts into clear, pragmatic options for senior stakeholders, product owners, and engineering teams.
• Strong documentation habits: runbooks, onboarding guides, reference architectures, and decision records that stay current.

Nice to have

• Experience building or operating an end-to-end AST stack (SAST, DAST, Secrets, SCA, SBOM, runtime signals).
• Familiarity with GitHub security configuration at enterprise scale (policy standardisation, repo onboarding automation, reporting).
• Experience with vendor onboarding/migrations (RFI/RFP support, pilots, phased rollout).

What would success looks like (first 6–12 months)

• Tooling availability is stable and measurable (SLOs, dashboards, low unplanned downtime).
• Onboarding is repeatable and self-service, with consistent patterns across teams.
• Scan failures and integration issues reduce materially due to better standards and automation.
• Q4 tool onboarding is executed in controlled phases with minimal disruption and clear adoption outcomes.

#LI-SS1

Maersk is committed to a diverse and inclusive workplace, and we embrace different styles of thinking. Maersk is an equal opportunities employer and welcomes applicants without regard to race, colour, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, sexual orientation, physical or mental disability, medical condition, pregnancy or parental leave, veteran status, gender identity, genetic information, or any other characteristic protected by applicable law. We will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.

We are happy to support your need for any adjustments during the application and hiring process. If you need special assistance or an accommodation to use our website, apply for a position, or to perform a job, please contact us by emailing accommodationrequests@maersk.com.