On Site : 1
Contract Rate : 400
Contract Job : 1
Salary range high : 500
Salary range low : 400
Cloud Security Engineer – SC Cleared – Inside IR35
SR2 is seeking two SC-cleared Cloud Security Engineers with deep expertise in AWS GuardDuty to support the delivery of secure and scalable cloud environments for a high-priority central government digital initiative.
This role will place you at the centre of cloud-native threat detection and response, with a specific focus on deploying, tuning, and operationalising GuardDuty. You will act as the subject matter expert for integrating GuardDuty across multiple AWS accounts and ensuring that detection capabilities are aligned to threat models, incident response playbooks, and compliance objectives.
Key Responsibilities:
- Act as SME for AWS GuardDuty: deployment, configuration, alert tuning, and integration with downstream response processes
- Work with platform, architecture, and SOC teams to embed GuardDuty into security operations and agile delivery workflows
- Define detection rules and thresholds aligned to business risk and threat profiles
- Advise on triage processes, integration with SIEM tooling, and use of GuardDuty findings for incident investigation
- Support wider AWS security efforts including posture management, governance, and compliance monitoring
Essential Skills & Experience:
- Extensive experience in cloud security engineering with a specific focus on AWS GuardDuty
- Strong understanding of AWS-native security services including IAM, KMS, CloudTrail, Security Hub, Config, and Macie
- Demonstrable experience in setting up governance frameworks using AWS Config Rules, SCPs, and AWS Organizations
- Familiarity with automating security controls using Python, Bash, or Infrastructure-as-Code tools (e.g., Terraform)
- Ability to operate effectively within government or highly regulated environments, and to articulate security risk in context
- Excellent documentation and communication skills with experience presenting findings and recommendations to technical and non-technical stakeholders
Desirable:
- Hands-on experience integrating AWS logs into SIEM platforms (e.g., Splunk, ELK) for correlation and alerting
- Familiarity with containerised workloads and security for EKS or similar environments
- Relevant AWS certifications (e.g., AWS Certified Security – Specialty, Solutions Architect)