• Plan, coordinate and implement security solutions • Provide strategic and operational advice to clients on information security, ISMS and regulatory requirements (especially NIS2) • Manage measures for the sustainable implementation of security concepts • Establish, further develop and document ISMS according to ISO 27001 / ISO 2700x • Conduct gap analyses, risk assessments and maturity assessments • Prepare and support ISO 27001 certifications and internal/external audits • Implement and assess NIS2 requirements, including governance, risk management and reporting processes • Prepare and support regulatory assessments and examinations (e.g., NIS2) • Design and deliver training and awareness measures • Develop and improve incident management and contingency/emergency plans • Create business continuity plans and security policies

Role Description We are seeking a mid-level Cloud Security Engineer to join our Security Engineering team. This role is the first dedicated hire for cloud security within the organisation and will be critical in defining, implementing, and managing security controls across our Azure, AWS and SaaS environments. The successful candidate will work independently, reporting to the Head of Security Engineering, while collaborating with SOC, GRC, IT, Modern Workplace and Systems Engineering teams to build and mature our cloud security posture. Key Responsibilities - Cloud Security Framework: Define and implement the cloud security Framework in collaboration with IT Systems, SOC leadership, and GRC. - Implementation: - Recommending security best practices and implementing controls for Cloud Security and governance. - Implementation of automated security tooling to validate security requirements and identify potential issues. - Threat Detection & Incident Response: - Define threat detection and incident response processes and playbooks for cloud environments. - Collaborate with the SOC to operationalise detection rules and incident handling. - Compliance & Audit: - Support GRC in meeting evidence and compliance requirements for ISO27001, NCSC Cloud Security Principles, and SOC2. - Reviewing the outputs from security tools and security practices, filtering and prioritising these into security stories that can be understood and actioned by the delivery teams. - Collaboration & Enablement: - Influence and guide junior engineers and developers to adopt secure practices. - Upskill and train the wider security team in cloud security topics and tooling. - Identity & Access Management: - Provide input into IAM strategy and policy (RBAC, Conditional Access, MFA, least privilege), working closely with the IT and Systems teams. - Optional / Beneficial Areas: - Support automation of cloud security (IaC scanning, CI/CD integration). - Document standards, runbooks, and training material where appropriate. Qualifications - Previous experience in cloud security engineering or related roles. - Working knowledge of industry cloud security frameworks and best practice (CSA STAR, NCSC Cloud Security Principles). - Experience with automation and scripting (Python, PowerShell, Bash). - Proficiency with: - Azure security services: Defender for Cloud, Entra ID, Sentinel etc. - AWS security services: Security Hub, GuardDuty, IAM, Config, CloudTrail, CloudWatch. - Working knowledge of cloud incident response processes and procedures. - Strong understanding of security best practices in multi-cloud environments. Desirable Skills & Experience - Familiarity with Infrastructure as Code (Terraform). - Knowledge of cloud network security concepts (firewalls, NSGs, VPCs, private endpoints). - Exposure to compliance frameworks (ISO27001, SOC2, NCSC Cloud Security Principles). - Security certifications such as AZ-500, SC-100, AWS Security Specialty, CISSP, or CCSK. Embracing our differences At Kainos, we believe in the power of diversity, equity and inclusion. We are committed to building a team that is as diverse as the world we live in, where everyone is valued, respected, and given an equal chance to thrive. We actively seek out talented people from all backgrounds, regardless of age, race, ethnicity, gender, sexual orientation, religion, disability, or any other characteristic that makes them who they are. We also believe every candidate deserves a level playing field. Our friendly talent acquisition team is here to support you every step of the way, so if you require any accommodations or adjustments, we encourage you to reach out. We understand that everyone's journey is different, and by having a private conversation we can ensure that our recruitment process is tailored to your needs.

• Supports the SEC ISS contract by helping maintain a secure and compliant IT infrastructure through disciplined POAM and vulnerability management • Identifies, tracks, and assists with remediation of security vulnerabilities across infrastructure systems • Supports risk management activities, including documentation, reporting, and audit remediation support required to sustain operational authorization and security posture • Coordinates with technical teams to plan mitigation actions, drive POAM closure, and reduce recurring security risk • Supports development, implementation, and management of POAMs for IT infrastructure security findings • Tracks POAM milestones, ownership, due dates, and dependencies; escalates risks to closure timelines • Validates remediation evidence and updates POAM records to reflect status and completion • Maintains accurate POAM reporting to support contract deliverables and SEC oversight • Reviews vulnerability findings and assists with severity/impact assessment and prioritization • Coordinates with infrastructure and operations teams to implement timely remediation actions • Assists in resolving vulnerabilities through patching, configuration correction, and compensating controls • Helps monitor open vulnerabilities and promotes proactive measures to reduce reintroduction of findings • Supports security risk and compliance activities for ISS-supported systems • Assists with security documentation aligned to SOPs, change control, and system baselines • Provides support for audit remediation activities, including internal reviews and external oversight audits • Prepares recurring status updates on vulnerability trends, POAM health, and mitigation progress • Records remediation actions and supporting evidence in approved workflows • Coordinates with cross-functional teams to resolve blockers affecting remediation timelines • Supports surge and incident follow-up activities only as directed by contract tasking

• Define and design secure software architectures, establishing security patterns and guidelines for Java and Go applications. • Ensure that applications and platforms are protected by deploying and integrating security solutions across multiple technologies and geographies. • Design, implement, and standardize cryptography mechanisms, SSL/TLS certificate lifecycle management, and secret protection. • Lead and coordinate local and global security initiatives, aligning projects with international teams.