Cloud Security Engineer

The Premier League is seeking a Cloud Security Engineer to lead the design, implementation, and operation of security controls across our cloud platforms. This role is responsible for securing Azure, AWS, and M365 environments, embedding secure-by-design principles into cloud architecture, and enhancing detection and response capabilities across the estate.

Who we are

The Premier League is home to some of the most competitive and compelling football in the world. The League and its Clubs use the power and popularity of the competition to inspire fans, communities and partners in the UK and across the world. The Premier League brings people together from all backgrounds. It is a competition for everyone, everywhere and is available to watch in over 900 million homes in 189 countries.

We have a wide variety of responsibilities. These include organising the competition and its Handbook Book as well as managing the centralised broadcast and commercial rights. The work we do in conjunction with the Clubs also goes far beyond the 90 minutes. We support and provide a framework for youth development, we protect the organisation’s intellectual property, support the wider game and community programmes, undertake international development work and liaise with governing bodies and other leagues.

The Premier League is an equal opportunities employer and strives to create an inclusive culture where talent can flourish. We believe in the potential of everyone and open our doors to those who share those values. All appointments will be made based on merit; however, we particularly encourage applications from women, people from minority ethnic communities, LGBTQ+ people and disabled people.  

Our hybrid-working model also allows you some variety on your place of work, offering you the chance to work from home on some days each week. Where possible, you will attend the office or site visits in line with our company policy. All staff liaise closely with their line manager to manage their time appropriately and according to their work and team requirements.

The role

Cloud platform security

• Deploy, and manage security controls across Azure, AWS, and Microsoft 365 environments.
• Apply and maintain Azure Policy, RBAC, and Privileged Identity Management (PIM).
• Secure cloud infrastructure using Microsoft Defender for Cloud and native platform capabilities.

Detection & response engineering

• Develop and improve cloud detection use cases within Microsoft Sentinel in collaboration with XDR provider.
• Integrate cloud telemetry (Azure, AWS, SaaS) into central monitoring.
• Support the Senior IS Analyst as the incident response lead in the investigation of cloud-related incidents as a subject matter expert.

CSPM & exposure management

• Own and operate all CSPM technology.
• Identify and remediate cloud misconfigurations and exposure risks.
• Work with Data Security to correlate infrastructure risk with data sensitivity.

DevSecOps & secure architecture

• Implement security controls infrastructure-as-code pipelines.
• Enforce secure configuration standards for cloud environments.
• Provide cloud security advice to DevOps on projects and cloud configuration.

Tooling, automation & integration

• Drive automation using PowerShell, CLI, Bicep, Terraform or equivalent.
• Integrate security tooling across identity, cloud, and monitoring platforms.
• Support integration of DSPM tooling into cloud environments and logging pipelines.

Collaboration & governance

• Work closely with IT TechOps and relevant third parties to maintain secure-by-design governance.
• Collaborate with Data Security on applying data protection controls within cloud platforms.
• Contribute to KPIs/KRIs and continuous improvement aligned to NIST CSF / ISO 27001.

Requirements for the role

• Ability to work independently and take initiative to drive outcomes.
• Previous experience in cloud infrastructure engineering.
• Strong experience with Microsoft Azure security tools and cloud configurations.
• Experience managing Microsoft 365 security and compliance solutions.
• Familiarity with AWS security principles and tooling (IAM, Security Hub, GuardDuty).
• Demonstratable use of Microsoft Defender XDR, Defender for Cloud, and Orca.
• Experience in scripting and automation using PowerShell, CLI, or infrastructure as code.
• Knowledge of SIEM/SOAR solutions (Microsoft Sentinel preferred).
• Experience responding to and analysing security incidents.
• Working knowledge of industry standards such as NIST CSF, ISO 27001, CIS Benchmarks.
• Comfortable communicating with both technical and non-technical audiences.
• Understanding of KPIs/KRIs in the context of cloud security monitoring.
• Qualified to or studying for certifications such as:

o   Microsoft Certified: Azure Security Engineer Associate (AZ-500)

o   Microsoft Certified: Cybersecurity Architect (SC-100)
o AWS Security Specialty
o CompTIA Security+
o GIAC Certified Cloud Security Automation (GCSA)

o AWS Security Specialty

o CompTIA Security+

o GIAC Certified Cloud Security Automation (GCSA)

Our commitment to safeguarding includes implementing robust safer recruitment procedures to assess the suitability of individuals applying for roles that involve work with children and adults who are or may be at risk of harm. For further information, please see our

Register Your Interest