Canada Life UK is seeking a Senior Application & Cloud Security Engineer to serve as the foundational security hire within our Technology organization, reporting to the VP of Data Engineering. You will own and drive security across our application portfolio and multi-cloud infrastructure (AWS and GCP), working hands-on to harden systems and operationalize the company's security roadmap.

What You'll Do

Lead application security for our Label Engine (PHP 8.x / Laravel / MySQL / Redis / Elasticsearch) and web applications across the portfolio.
Secure royalty processing, accounting, and payment workflows handling sensitive financial data.
Implement and manage SAST, DAST, and SCA tooling integrated into CI/CD pipelines.
Conduct code-level security reviews for OWASP Top 10 and Laravel-specific attack vectors.
Define and enforce API security standards, including OAuth 2.0, rate limiting, and input validation.
Secure and harden AWS infrastructure (EC2, RDS, S3, CloudFront, Lambda, IAM, VPC).
Secure GCP environments for our data and AI platform (BigQuery, Pub/Sub, Cloud Run/GKE, IAM).
Implement Cloud Security Posture Management across AWS and GCP, enforcing guardrails and compliance baselines.
Harden container/Kubernetes security, secrets management, and network policies.
Support identity federation and SSO implementation.
Build out security monitoring, SIEM, incident response, and vulnerability management.
Help operationalize the company's security roadmap across all security domains.

What We're Looking For

5+ years of experience in application security, cloud security, or security engineering roles.
Strong PHP/Laravel application security expertise.
Deep AWS security knowledge (IAM, VPC, S3, KMS, CloudTrail, GuardDuty, Security Hub, WAF).
Solid GCP security experience (IAM, VPC Service Controls, Security Command Center, Cloud Armor).
Proficiency with SAST/DAST/SCA tools such as Semgrep, SonarQube, Snyk, Burp Suite, or OWASP ZAP.
Experience securing financial transaction or payment processing applications.
Container security experience with Docker and Kubernetes/GKE, including image scanning and runtime protection.
Strong IAM understanding, including SAML, OIDC, SCIM, MFA, and privileged access management.
Familiarity with SOC 2, ISO 27001, NIST CSF, and CIS Benchmarks.
SIEM/log management experience with detection and alerting rules.

Nice to Have

Bachelor's degree in Computer Science, Cybersecurity, or a related field preferred (not required with equivalent experience).
Experience with PCI-DSS compliance, Infrastructure as Code security (Terraform), or music/media industry experience.
Certifications such as AWS Security Specialty, GCSPE, OSCP, GWAPT, or CISSP.

Technical Stack

Languages/Frameworks: PHP 8.x, Laravel
Databases/Storage: MySQL, Redis, Elasticsearch
AWS: EC2, RDS, S3, CloudFront, Lambda, IAM, VPC, KMS, CloudTrail, GuardDuty, Security Hub, WAF
GCP: BigQuery, Pub/Sub, Cloud Run, GKE, IAM, VPC Service Controls, Security Command Center, Cloud Armor
Containers/Orchestration: Docker, Kubernetes/GKE
Security Tooling: SAST/DAST/SCA tools (Semgrep, SonarQube, Snyk, Burp Suite, OWASP ZAP), Terraform

Team & Environment

This role is the foundational security hire within the Technology organization, reporting directly to the VP of Data Engineering. You will be instrumental in building and shaping the security function.