Senior Cloud Infrastructure Security Engineer

Описание вакансии

About us

PhysicsX is a deep-tech company with roots in numerical physics and Formula One, dedicated to accelerating hardware innovation at the speed of software.

We are building an AI-driven simulation software stack for engineering and manufacturing across advanced industries. By enabling high-fidelity, multi-physics simulation through AI inference across the entire engineering lifecycle, PhysicsX unlocks new levels of optimization and automation in design, manufacturing, and operations — empowering engineers to push the boundaries of possibility. Our customers include leading innovators in Aerospace & Defense, Materials, Energy, Semiconductors, and Automotive.

The Role

We’re hiring a Security Engineer to help design and build secure, scalable cloud environments from the ground up. You will work with our engineering teams to ensure that security is embedded into all layers of our infrastructure while enabling the product velocity and operational resilience.

What you will do

• Ensure security is built into every aspect of the PhysicsX platform infrastructure
• Design cloud security controls (e.g. IAM, VPC, KMS, secrets management, etc.) as part of core architecture
• Design, Build and manage infrastructure security configurations
• Support the infrastructure team and security teams triaging and remediating security vulnerabilities
• Automate infrastructure provisioning, hardening, and compliance guardrails

What you bring to the table

• 10+ years in cloud security architecture in large scale multi-cloud, multi-region platforms with strong isolation, governance, and reliability guarantees
• Ability to balance security risk, scalability, resilience, and developer velocity
• Deep expertise in Kubernetes security at scale (multi-cluster, multi-tenant, isolation models) Zero Trust architecture design and enforcement in Kubernetes-based platforms
• Hands-on experience with mTLS and Service Mesh (Istio, Linkerd, ambient mesh)
• Policy-as-code using OPA/Gatekeeper and/or Kyverno (admission control, secure defaults)
• Workload identity & IAM integration, including service-to-service authorization (SPIFFE/SPIRE a plus)
• Advanced Kubernetes network security using Cilium or Calico and NetworkPolicies, eBPF-based observability and Network Threat Detection & Layered Security (NTLS)
• Runtime and behavioural security with Falco or equivalent syscall based detection
• Infrastructure as Code with Crossplane (preferred) and/or Terraform
• GitOps driven platforms and secure-by-default provisioning workflows
• Cloud native supply chain security (Sigstore/Cosign, SBOMs, image scanning)
• Experience operating in high growth or early stage environments
• Strong crossfunctional collaboration and communication skills

Nice to Have Skills

• Relevant security certifications (e.g. CKS, CCSP)

We value diversity and are committed to equal employment opportunity regardless of sex, race, religion, ethnicity, nationality, disability, age, sexual orientation or gender identity. We strongly encourage individuals from groups traditionally underrepresented in tech to apply. To help make a change, we sponsor bright women from disadvantaged backgrounds through their university degrees in science and mathematics.

We collect diversity and inclusion data solely for the purpose of monitoring the effectiveness of our equal opportunities policies and ensuring compliance with UK employment and equality legislation. This information is confidential, used only in aggregate form, and will not influence the outcome of your application.