📍 Job Overview

Job Title: Cloud Security Engineer (Penetration Testing & TEE Focus)
Company: InfoSum
Location: Basingstoke, Hampshire, United Kingdom
Job Type: Hybrid (On-site & Remote)
Category: DevOps & Infrastructure
Date Posted: June 27, 2025
Experience Level: Mid-Senior Level (2-5 years)
Remote Status: Hybrid (On-site & Remote)

🚀 Role Summary

Secure SaaS Application: Conduct white-hat security testing on InfoSum's cloud-hosted SaaS application.
Vulnerability Assessment: Identify and report vulnerabilities across application layers, APIs, and infrastructure.
Collaboration: Work closely with development teams (Go and Node.js) to remediate security issues.
TEE Integration: Evaluate and test Trusted Execution Environments (TEE) solutions for secure data processing.
Risk Management: Conduct threat modeling and risk assessments to protect InfoSum's SaaS application.

📝 Enhancement Note: This role requires a strong focus on cloud security, penetration testing, and emerging technologies like Trusted Execution Environments (TEEs) to ensure the security and integrity of InfoSum's SaaS application.

💻 Primary Responsibilities

Penetration Testing: Perform white-hat penetration testing on InfoSum's cloud-hosted SaaS appliance.
Vulnerability Identification: Identify and report vulnerabilities across application layers, APIs, and infrastructure.
Collaboration with Development Teams: Work with Go and Node.js development teams to remediate security issues and implement secure practices.
TEE Evaluation: Evaluate and test TEE solutions (e.g., AWS Nitro Enclaves, Azure Confidential Computing, and Google Confidential Computing) for secure data processing.
Threat Modeling & Risk Assessment: Conduct threat modeling and risk assessments to protect InfoSum's SaaS application.
Security Tool Development: Develop and maintain security testing tools and automation scripts to streamline security processes.
Stay Current with Threats: Stay up-to-date with emerging security threats, vulnerabilities, and mitigation techniques to proactively protect InfoSum's SaaS application.

📝 Enhancement Note: This role requires a proactive approach to security, staying informed about emerging threats, and continuously improving InfoSum's security posture.

🎓 Skills & Qualifications

Education:

Relevant degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).

Experience:

Proven experience in penetration testing and ethical hacking (2-5 years).
Strong understanding of cloud security (AWS, Azure, GCP) with experience in penetration testing and ethical hacking in cloud environments.

Required Skills:

Penetration Testing: Proven experience in performing white-hat penetration testing and vulnerability assessments.
Cloud Security: Strong understanding of cloud security principles and best practices across AWS, Azure, and GCP.
Secure Coding: Knowledge of secure coding practices, OWASP Top 10, and CVEs.
TEE Familiarity: Experience with Trusted Execution Environments (TEEs) or confidential computing is a plus.
Security Tools: Proficiency with security testing tools like Burp Suite, Metasploit, Nmap, Wireshark, etc.
Risk Assessment: Experience in conducting threat modeling and risk assessments.

Preferred Skills:

Kubernetes & Container Security: Experience with Kubernetes and container security.
CI/CD Security Integration: Familiarity with integrating security into CI/CD pipelines.
Snowflake & Databricks: Experience with Snowflake and Databricks is a plus.
Red Team Experience: Experience in red teaming or advanced penetration testing scenarios.

📝 Enhancement Note: InfoSum values candidates with a strong foundation in penetration testing, cloud security, and a proactive approach to staying current with emerging security threats and technologies.

📊 Web Portfolio & Project Requirements

Portfolio Essentials:

Penetration Testing Reports: Include detailed penetration testing reports demonstrating your ability to identify, assess, and document vulnerabilities in cloud environments.
Risk Assessment Documentation: Showcase your risk assessment skills with examples of threat modeling and risk assessment documentation.
Security Tool Development: Highlight any security testing tools or automation scripts you've developed to streamline security processes.

Technical Documentation:

Penetration Testing Methodologies: Document your penetration testing methodologies, including preparation, execution, and reporting phases.
Risk Assessment Frameworks: Explain your approach to threat modeling and risk assessment, including any frameworks or methodologies you prefer.
Security Tool Development: Detail the security tools and automation scripts you've developed, including their functionality, benefits, and any challenges faced during development.

📝 Enhancement Note: InfoSum values candidates who can clearly articulate their penetration testing methodologies, risk assessment approaches, and security tool development processes.

💵 Compensation & Benefits

Salary Range: £50,000 - £70,000 per annum (based on experience and performance)

Benefits:

Annual Leave: 25 days annual leave (excluding bank holidays).
Pension Contribution: 8% pension contribution.
Private Health Care: Private health care via Vitality.
Corporate Discounts & Mental Wellbeing Support: Fantastic corporate discounts and mental wellbeing support via Perkbox, including a top-of-the-line Employee Assistance Program (EAP).
Salary Sacrifice Schemes: Available for various benefits, such as cycle-to-work schemes and childcare vouchers.
Snacks & Catered Lunches: Fully stocked fridge, snacks, and catered lunches twice a week in the Basingstoke and London offices.
Monthly Socials: Regular social events to foster team bonding and engagement.
Extra Days Off: Three extra days off during the Christmas holidays and half-day Fridays during the summer months of July and August.

📝 Enhancement Note: InfoSum offers a competitive salary and an extensive benefits package to attract and retain top talent in the cloud security and penetration testing fields.

🎯 Team & Company Context

🏢 Company Culture

Industry: InfoSum operates in the data collaboration and privacy technology sector, focusing on secure data sharing and privacy-preserving analytics.

Company Size: InfoSum is a mid-sized company with a growing team of over 100 employees, providing ample opportunities for collaboration and career growth.

Founded: InfoSum was founded in 2018, with a mission to revolutionize data collaboration and enable secure, privacy-preserving analytics.

Team Structure:

Security Team: The security team consists of dedicated professionals responsible for protecting InfoSum's SaaS application and ensuring the security of its customers' data.
Development Teams: InfoSum's development teams consist of skilled engineers working on the core SaaS application, using Go and Node.js technologies.
Cross-Functional Collaboration: InfoSum fosters a collaborative environment, encouraging cross-functional collaboration between security, development, and other teams to ensure user experience, performance, and security are considered throughout the development lifecycle.

Development Methodology:

Agile/Scrum: InfoSum follows Agile/Scrum methodologies, with regular sprint planning and code reviews to ensure high-quality, secure software delivery.
CI/CD Pipelines: InfoSum employs CI/CD pipelines to automate deployment processes, ensuring rapid and reliable software delivery.
Server Management: InfoSum's DevOps team manages servers and infrastructure, working closely with the security team to ensure secure and reliable operations.

Company Website: InfoSum

📝 Enhancement Note: InfoSum's culture emphasizes collaboration, innovation, and a strong commitment to security and privacy, making it an ideal environment for cloud security professionals seeking to make a significant impact.

📈 Career & Growth Analysis

Cloud Security Engineer Role Level: This role is a mid-senior level position, requiring a strong foundation in penetration testing, cloud security, and a proactive approach to staying current with emerging security threats and technologies. The role involves significant responsibility for InfoSum's SaaS application security and offers ample opportunities for career growth and technical leadership.

Reporting Structure: The Cloud Security Engineer reports directly to the Head of Security and works closely with the development teams, DevOps team, and other stakeholders to ensure InfoSum's SaaS application remains secure and resilient.

Technical Impact: The Cloud Security Engineer plays a critical role in identifying and mitigating vulnerabilities, assessing risks, and implementing secure practices across InfoSum's SaaS application. Their work directly impacts the security and integrity of InfoSum's customers' data and the overall success of the company.

Growth Opportunities:

Technical Leadership: As InfoSum grows, there will be opportunities for the Cloud Security Engineer to take on more technical leadership responsibilities, mentoring junior team members, and driving security initiatives across the organization.
Emerging Technologies: InfoSum encourages its employees to stay current with emerging security technologies, providing opportunities to explore and integrate new tools and techniques into the company's security posture.
Career Progression: With experience and demonstrated success, the Cloud Security Engineer may progress to senior roles, such as Senior Cloud Security Engineer, Security Architect, or even Head of Security.

📝 Enhancement Note: InfoSum offers a dynamic and challenging environment for cloud security professionals seeking to grow their careers and make a significant impact on the company's security posture.

🌐 Work Environment

Office Type: InfoSum's offices in Basingstoke and London provide modern, collaborative workspaces designed to foster creativity and innovation.

Office Location(s): InfoSum's offices are located in Basingstoke and London, with flexible hybrid work arrangements allowing employees to work from home or on-site as needed.

Workspace Context:

Collaborative Environment: InfoSum's offices feature open-plan workspaces, encouraging collaboration and communication between teams.
Development Tools & Equipment: InfoSum provides its employees with the latest development tools, multiple monitors, and testing devices to ensure optimal productivity and performance.
Cross-Functional Collaboration: InfoSum's offices are designed to facilitate cross-functional collaboration, with dedicated spaces for team meetings, workshops, and social events.

Work Schedule: InfoSum offers a flexible work schedule, with core hours between 10:00 AM and 4:00 PM. Employees are encouraged to work hours that best suit their individual needs and preferences, with regular communication and coordination with their teams.

📝 Enhancement Note: InfoSum's work environment is designed to support collaboration, innovation, and work-life balance, providing a supportive and engaging environment for cloud security professionals to thrive.

📄 Application & Technical Interview Process

Interview Process:

Technical Phone Screen: A brief phone or video call to discuss your technical background, experience, and career goals.
Technical Deep Dive: A more in-depth technical discussion, focusing on your penetration testing, cloud security, and TEE experience. Be prepared to discuss specific examples of your work and the challenges you've faced in previous roles.
Behavioral & Cultural Fit Assessment: A conversation to assess your cultural fit with InfoSum, focusing on your problem-solving skills, communication, and collaboration abilities.
Final Evaluation: A final discussion with the hiring manager and other stakeholders to evaluate your overall fit for the role and InfoSum's team.

Portfolio Review Tips:

Detailed Reports: Include detailed penetration testing reports demonstrating your ability to identify, assess, and document vulnerabilities in cloud environments.
Risk Assessment Documentation: Showcase your risk assessment skills with examples of threat modeling and risk assessment documentation.
Security Tool Development: Highlight any security testing tools or automation scripts you've developed to streamline security processes.

Technical Challenge Preparation:

Penetration Testing Scenarios: Familiarize yourself with penetration testing scenarios and tools relevant to cloud environments, such as AWS, Azure, and GCP.
Risk Assessment Frameworks: Brush up on your knowledge of threat modeling and risk assessment frameworks, such as STRIDE, PASTA, or VAST.
Security Tool Development: Prepare examples of security testing tools or automation scripts you've developed, including their functionality, benefits, and any challenges faced during development.

ATS Keywords: [Provided in the ATS Keywords section below]

📝 Enhancement Note: InfoSum's interview process is designed to assess your technical skills, cultural fit, and problem-solving abilities, providing a comprehensive evaluation of your suitability for the Cloud Security Engineer role.

🛠 Technology Stack & Web Infrastructure

Cloud Platforms:

AWS: InfoSum's SaaS application is primarily hosted on AWS, with a focus on security, scalability, and high availability.
Azure & GCP: InfoSum also leverages Azure and GCP for specific services and workloads, requiring a strong understanding of multi-cloud environments.

Programming Languages & Frameworks:

Go: InfoSum's core SaaS application is developed using the Go programming language, with a focus on performance, concurrency, and simplicity.
Node.js: InfoSum's API and web services are built using Node.js, leveraging its event-driven, non-blocking I/O model for efficient and scalable applications.

Security Tools & Technologies:

Burp Suite: InfoSum uses Burp Suite for web application security testing, manual and automated scanning, and intrusion detection.
Metasploit: InfoSum employs Metasploit for penetration testing, vulnerability assessment, and exploit development.
Nmap: InfoSum uses Nmap for network discovery, mapping, and vulnerability detection.
Wireshark: InfoSum leverages Wireshark for network protocol analysis, packet capture, and live traffic analysis.
Trusted Execution Environments (TEEs): InfoSum is evaluating and testing various TEE solutions, such as AWS Nitro Enclaves, Azure Confidential Computing, and Google Confidential Computing, for secure data processing and enhanced security.

📝 Enhancement Note: InfoSum's technology stack emphasizes cloud security, performance, and scalability, requiring a strong understanding of cloud platforms, programming languages, and security tools relevant to cloud environments.

👥 Team Culture & Values

Cloud Security Values:

Proactive Security: InfoSum values a proactive approach to security, staying informed about emerging threats and continuously improving the company's security posture.
Collaboration: InfoSum fosters a collaborative environment, encouraging cross-functional collaboration between security, development, and other teams to ensure user experience, performance, and security are considered throughout the development lifecycle.
Continuous Learning: InfoSum encourages its employees to stay current with emerging security technologies, providing opportunities to explore and integrate new tools and techniques into the company's security posture.
Customer Focus: InfoSum is committed to protecting its customers' data and ensuring the security and integrity of its SaaS application.

Collaboration Style:

Cross-Functional Integration: InfoSum encourages cross-functional integration between security, development, and other teams, ensuring user experience, performance, and security are considered throughout the development lifecycle.
Code Review Culture: InfoSum follows a code review culture, with regular code reviews and pair programming sessions to ensure high-quality, secure software delivery.
Knowledge Sharing: InfoSum fosters a culture of knowledge sharing, with regular team meetings, workshops, and training opportunities to ensure all team members stay current with the latest security trends and best practices.

📝 Enhancement Note: InfoSum's cloud security team values proactivity, collaboration, continuous learning, and a strong customer focus, providing a supportive and engaging environment for cloud security professionals to thrive.

⚡ Challenges & Growth Opportunities

Technical Challenges:

Cloud Security: InfoSum's SaaS application is deployed across multiple cloud providers, requiring a strong understanding of cloud security best practices and the ability to identify and mitigate vulnerabilities in cloud environments.
Emerging Technologies: InfoSum is evaluating and testing various Trusted Execution Environments (TEE) solutions, requiring a strong understanding of emerging security technologies and the ability to integrate new tools and techniques into the company's security posture.
Risk Assessment: InfoSum requires a proactive approach to risk assessment, with a strong understanding of threat modeling and risk assessment frameworks to ensure the security and integrity of the company's SaaS application.
Performance Optimization: InfoSum's SaaS application must maintain high performance and scalability, requiring a strong understanding of performance optimization techniques and the ability to identify and mitigate performance bottlenecks.

Learning & Development Opportunities:

Technical Skill Development: InfoSum encourages its employees to stay current with emerging security technologies, providing opportunities to explore and integrate new tools and techniques into the company's security posture.
Conference Attendance & Certification: InfoSum supports its employees' professional development by providing opportunities to attend industry conferences, obtain relevant certifications, and engage with the broader security community.
Technical Mentorship & Leadership: InfoSum offers technical mentorship and leadership opportunities, allowing cloud security professionals to grow their careers and take on more significant technical responsibilities within the organization.

📝 Enhancement Note: InfoSum's technical challenges and growth opportunities provide ample opportunities for cloud security professionals to develop their skills, expand their knowledge, and make a significant impact on the company's security posture.

💡 Interview Preparation

Technical Questions:

Cloud Security: Be prepared to discuss your experience with cloud security, including best practices, vulnerabilities, and mitigation techniques relevant to AWS, Azure, and GCP.
Penetration Testing: Brush up on your knowledge of penetration testing methodologies, tools, and techniques relevant to cloud environments.
Risk Assessment: Familiarize yourself with threat modeling and risk assessment frameworks, such as STRIDE, PASTA, or VAST, and be prepared to discuss your approach to risk assessment in cloud environments.
Trusted Execution Environments (TEEs): Research Trusted Execution Environments (TEEs) and be prepared to discuss their benefits, challenges, and integration into InfoSum's SaaS application.

Company & Culture Questions:

InfoSum's Mission & Values: Research InfoSum's mission, values, and culture, and be prepared to discuss how you align with the company's commitment to data collaboration, privacy, and security.
Cross-Functional Collaboration: Prepare examples of your experience working collaboratively with development, design, and other teams to ensure user experience, performance, and security are considered throughout the development lifecycle.
Problem-Solving & Communication: Be prepared to discuss your approach to problem-solving, communication, and collaboration in a dynamic and fast-paced environment.

Portfolio Presentation Strategy:

Detailed Reports: Include detailed penetration testing reports demonstrating your ability to identify, assess, and document vulnerabilities in cloud environments.
Risk Assessment Documentation: Showcase your risk assessment skills with examples of threat modeling and risk assessment documentation.
Security Tool Development: Highlight any security testing tools or automation scripts you've developed to streamline security processes.
User Experience & Performance: Prepare to discuss the user experience and performance implications of your security recommendations, and how you've worked with development teams to ensure InfoSum's SaaS application remains secure, performant, and user-friendly.

📝 Enhancement Note: InfoSum's interview process is designed to assess your technical skills, cultural fit, and problem-solving abilities, providing a comprehensive evaluation of your suitability for the Cloud Security Engineer role.

📌 Application Steps

To apply for the Cloud Security Engineer (Penetration Testing & TEE Focus) position at InfoSum:

Submit Your Application: Click the "Apply" button on the job listing to submit your application through Workable.
Customize Your Portfolio: Tailor your portfolio to highlight your penetration testing, cloud security, and TEE experience, focusing on specific examples of your work and the challenges you've faced in previous roles.
Optimize Your Resume: Highlight your relevant technical skills, experience, and achievements, focusing on penetration testing, cloud security, and emerging security technologies.
Prepare for Technical Interviews: Brush up on your knowledge of penetration testing, cloud security, and TEE technologies, and be prepared to discuss specific examples of your work and the challenges you've faced in previous roles.
Research InfoSum: Familiarize yourself with InfoSum's mission, values, and culture, and be prepared to discuss how you align with the company's commitment to data collaboration, privacy, and security.

⚠️ Important Notice: This enhanced job description includes AI-generated insights and cloud security industry-standard assumptions. All details should be verified directly with InfoSum before making application decisions.

Content Guidelines (IMPORTANT: Do not include this in the output)

Cloud Security & Penetration Testing Focus:

Tailor every section specifically to cloud security and penetration testing roles, emphasizing cloud security best practices, vulnerability assessment, and risk management.
Include cloud security methodologies, penetration testing tools, and emerging security technologies relevant to cloud environments.
Address cloud security career progression paths and technical leadership opportunities in cloud security teams.
Provide tactical advice for penetration testing, risk assessment, and security tool development in cloud environments.
Emphasize cloud security interview preparation and coding challenge guidance, focusing on cloud-specific scenarios and tools.

Quality Standards:

Ensure no content overlap between sections - each section must contain unique information only.
Only include Enhancement Notes when making significant inferences about cloud security processes, penetration testing methodologies, or team structure.
Be comprehensive but concise, prioritizing actionable information over descriptive text.
Strategically distribute cloud security and penetration testing-related keywords throughout all sections naturally.
Provide realistic salary ranges based on location, experience level, and cloud security specialization.

Industry Expertise:

Include specific cloud security technologies, platforms, and infrastructure tools relevant to the role.
Address cloud security career progression paths and technical leadership opportunities in cloud security teams.
Provide tactical advice for penetration testing, risk assessment, and security tool development in cloud environments.
Include cloud security-specific interview preparation and coding challenge guidance, focusing on cloud-specific scenarios and tools.
Emphasize cloud security team culture, cross-functional collaboration, and user impact measurement.

Professional Standards:

Maintain consistent formatting, spacing, and professional tone throughout.
Use cloud security and penetration testing industry terminology appropriately and accurately.
Include comprehensive benefits and growth opportunities relevant to cloud security professionals.
Provide actionable insights that give cloud security candidates a competitive advantage.
Focus on cloud security team culture, cross-functional collaboration, and user impact measurement.

Technical Focus & Portfolio Emphasis:

Emphasize cloud security best practices, performance optimization, and accessibility standards.
Include specific portfolio requirements tailored to the cloud security discipline and role level.
Address browser compatibility, accessibility standards, and user experience design principles in the context of cloud security.
Focus on problem-solving methods, performance optimization, and scalable architecture in cloud environments.
Include technical presentation skills and stakeholder communication for cloud security projects.

Avoid:

Generic business jargon not relevant to cloud security or penetration testing roles.
Placeholder text or incomplete sections.
Repetitive content across different sections.
Non-technical terminology unless relevant to the specific cloud security role.
Marketing language unrelated to cloud security or penetration testing.

Generate comprehensive, cloud security-focused content that serves as a valuable resource for cloud security professionals evaluating career opportunities and preparing for technical interviews in the cloud security industry.

Cloud Security Engineer (Penetration Testing & TEE Focus)