About us

Internet connected and smart home products are growing areas for Dyson where we aim to continue our reputation of being innovative and disruptive. Since our first launch of products in connected space, we have grown fast to several millions of connected machines, and we are envisioning a steep growth in 2026 and beyond both in scale and connected features.

We want to build reliable, scalable, and secure services and features to support these increasing demands with innovative and competitive technologies in IoT, Machine Data Lake, Data Analytics and Machine Learning to support our vision. We have a 'You build it, you run it' ethos and run all our services within Amazon Web Services (AWS). Our teams are responsible for the architecture, development, testing, and operational support of their services in all environments. We are a global department with teams located in the UK, Singapore, and China and we encourage flexible, independent, and innovative thinking in our engineers to deliver solutions.

About the role

As a Lead Cloud Security Engineer in the Connected Cloud department, you'll collaborate with cloud development teams and engineers to secure our cloud native IoT platform, associated tooling, and deployed cloud services. We primarily leverage AWS to host and secure our services, along with:

• Cloudflare to protect our public facing endpoints
• Azure DevOps for CI/CD orchestration
• AWS OpenSearch/ELK, Grafana for application monitoring
• Palo Alto Prisma Cloud for compliance monitoring and adherence with cloud best practices
• Veracode for SAST/SCA for scanning our cloud microservices and containers
• C#, Node.js, and Python to create our services

You will be:

• Defining security requirements, guidelines and policies for our engineers, platforms, tooling and services
• Responsible for promoting good security hygiene and best practices
• Working alongside our Cloud teams supporting, assisting and advising how to design and build secure services and platforms
• Identifying and assessing our security risks, threats and vulnerabilities and provide a pragmatic approach for applying mitigation where necessary
• Advocating a shifting left mentality to ensure possible threats or security issues are addressed early within the development cycle
• Working with the wider software teams to design and improve the security of our current and future products
• Ensuring we comply with regulatory requirements and Dyson security standards
• Identifying new technologies, tools, and approaches to help continually improve our security standards and quality
• Act as point of contact for any security related queries or issues and educate our engineers in security best practices
• Investigate and mitigate security incidents and bug bounty escalations

About you

• Experienced in application security workflows in public cloud providers (e.g. AWS)
• Some level of coding experience (in any language)
• Experienced in security tools for software development: SCA, SAST, CSPM, CNAPP, and secrets management.
• Experienced in cyber risk and vulnerability management for cloud native workloads, common web-based connectivity for IoT and mobile devices
• Experienced with supporting audit activities hosted by internal or external parties.
• Working knowledge of Web Application Firewalls, ideally Cloudflare.
• Working knowledge of Public Key Infrastructure and related operation activities
• Working knowledge of data privacy frameworks/regulations like EU's GDPR & EU CRA, specifically the responsibilities of a cloud service provider for mobile apps & IoT devices.
• Working knowledge in cybersecurity frameworks like CIS or NIST.