This website uses cookies to ensure you get the best experience.

tombola and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
tombola career site
Technology · Sunderland, UK · Hybrid

Cloud Security Engineer - Sunderland (Hybrid)

Ready to be our next Cloud Security Engineer? We're on the lookout for a tech whiz to join our brilliant team in Sunderland and help us keep things super secure for our players and our business. If you're passionate about cloud security and love a challenge, you're in the right place!

Cloud Security Engineer

At tombola, we take security seriously – but we also like to have a bit of fun while we're at it! As our Cloud Security Engineer, you'll be building on our existing operational security, with a special focus on protecting our cloud infrastructure. You'll be hands-on, designing, implementing, and managing top-notch security solutions across all our cloud environments.

You'll also play a key part in developing our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you'll be right in the thick of security event monitoring, threat intelligence, and incident management – keeping us one step ahead!

What you'll be doing:

  • Delivering SOC Capabilities: You'll be a key team member in delivering ongoing Security Operations Centre (SOC) capabilities for the business.
  • Driving Automation: You'll push for security automation wherever possible and play a big part in evolving our security tooling and services.
  • Policy & Standards: You'll champion the adoption and adherence to our InfoSec policy, standards, and guidelines.
  • Threat Intelligence: You'll monitor and apply current and emerging threat intelligence, using tools like Google Threat Intelligence to proactively spot and tackle digital threats.
  • Incident Response: You'll actively monitor for security incidents and jump into action with our incident response teams to contain, investigate, and prevent future security hiccups.
  • Defining Controls: You'll help define our operational security requirements and put the right controls in place to keep security risks at bay, all while sticking to regulations and industry best practices.
  • Collaboration: You'll work hand-in-hand with our Infrastructure, Platform, and IT Services teams, making the most of a SecOps approach.
  • Mentoring: You'll provide guidance and support to less experienced team members, helping them grow.
  • Data Loss Prevention (DLP): You'll monitor, maintain, and enhance our DLP controls across email, endpoints, and cloud services.
  • Data-Centric Security: You'll champion a data-centric security approach, making sure data classification, handling, and protection are embedded from design to deployment.
  • Zero Trust: You'll promote and support Zero Trust Architecture principles, continuously verifying identities, devices, and access requests.
  • Security Awareness: You'll develop and maintain internal security awareness materials to educate our staff on evolving threats.
  • Attack Simulation: You'll contribute to planning and delivering attack simulation training (like phishing campaigns) to boost user resilience.
  • Flutter Collaboration: You'll liaise with other Flutter brands, ensuring our security approaches and technology align.
  • Cloud Security Integration: You'll work with development, DevOps, and cloud engineering teams to embed cloud security controls into our CI/CD workflows and infrastructure-as-code.
  • Cloud Security Posture: You'll utilise cloud-native and third-party security tools to keep an eye on our cloud security posture and ensure we're always aligned with best practices.

What you'll bring:

  • Hands-on technical experience supporting security solutions on cloud technology platforms (preferably AWS, including EC2, VPC, IAM, S3, Control Tower, Config, Security Hub) and traditional on-premise environments.
  • Awareness of how to secure a mix of Linux, Windows, Apple & Android OS.
  • Knowledge of network perimeter security, including firewalls, WAF, anti-virus, and O365 compliance & security centre.
  • Familiarity with NIST (CSF Framework 2.0), ISO 27001, PCI-DSS, and GDPR.
  • Experience operating and managing SIEM solutions, vulnerability management tools, and secure configuration tooling.
  • Ability to use PowerShell and Python scripting for security automation.
  • Experience working in or with agile and/or SecOps oriented teams.
  • A proven track record of analysing security requirements and applying architectural best practices.
  • Previous work experience in an IT, InfoSec, or system administration role.
  • Commercial awareness and the ability to balance security needs with operational flexibility.
  • Confidence in promoting security best practices across all business levels.

Bonus points if you have:

  • Professional qualifications like CompTIA Security+ or AWS certifications.
  • Experience contributing to the security architecture and design of cloud-native solutions, including secure workload deployment, cloud network segmentation, and IAM strategies within AWS.
  • Proficiency in implementing and managing Cloud Security Posture Management (CSPM) tools.
  • Knowledge of Cloud Workload Protection Platforms (CWPP) for securing containers, serverless workloads, and virtual machines.
  • Working knowledge of DevSecOps methodologies.
  • Ability to contribute to cloud solution threat modelling and secure design reviews.

A bit about you:

  • Passion! You're genuinely passionate about your career path and love what you do.
  • Communication skills. You can express your ideas clearly, whether you're chatting with technical gurus or non-technical colleagues.
  • A desire to learn. We're all about continuous improvement, and we want people who want to improve themselves too.
  • Confidence to suggest improvements. Got a brilliant idea? We want to hear it! We're always looking to do things better.
  • Highly motivated with a "can do" attitude and the ability to use your own initiative.
  • A "down to earth" working style.
  • A spirit of fun and engagement!

Ready to join our amazing team and help us keep tombola safe and secure for everyone? Apply now and let's chat!

Department
Technology
Role
Information Security
Locations
Sunderland, UK
Remote status
Hybrid
Picture of Andrew Poxton
Contact Andrew Poxton TA Partner – People

Colleagues

Picture of Paul Bird
Paul Bird
Head of InfoSec & DPO

Our vacancies

More jobs
Technology · Sunderland, UK · Hybrid

Cloud Security Engineer - Sunderland (Hybrid)

Loading application form

Already working at tombola?

Let’s recruit together and find your next colleague.