Cyber Security Engineer

Description:

Cyber Security Engineer

(Social Education Learning)

(3-Month Voluntary Work Experience Opportunity)

Are you passionate about protecting people's data and keeping digital platforms safe? Do you have the expertise to identify security vulnerabilities before they become real-world problems? Want to strengthen your portfolio while contributing to meaningful social impact? If yes, this could be the opportunity for you.

About Kewordal

Kewordal (kewordal.com) is an innovative social education platform designed to connect learners and educators in a collaborative, inclusive environment. Our users create "Kewordal lists" to improve their academic results while building social learning communities of friends, peers, teachers, and mentors (via the support of businesses), to enhance their prospects for success.

As we prepare to onboard real users with real personal data, payment details and subscription information, we are now seeking a talented Cyber Security Engineer to ensure the platform is safe, secure and compliant before we open the doors. This voluntary opportunity offers invaluable hands-on experience in the Tech for Good space, while contributing to meaningful educational innovation!

What You'll Do

As our Cyber Security Engineer, you'll:
Lead a comprehensive audit of our AWS cloud infrastructure — reviewing EC2 configurations, S3 bucket policies, IAM roles and permissions, security groups, VPC architecture, and cloud-native security controls to ensure our environment is hardened before go-live. This is a primary focus of the role.
Conduct end-to-end security testing of the Kewordal web application, covering both front-end and back-end systems.
Audit user authentication flows, account activation processes and session management for vulnerabilities such as token exposure and session hijacking risks.
Test all public and internal RESTful APIs for exposure, injection risks and improper access controls.
Review database access configurations and flag any patterns that could expose personal or sensitive user data.
Assess payment and subscription data flows for PCI-DSS relevant risks and data leakage.
Evaluate compliance with UK GDPR and EU data protection law, identifying gaps in data handling and user privacy practices.
Produce clear, structured audit reports documenting vulnerabilities, risk severity ratings and recommended remediation steps.
Collaborate with the engineering team to explain findings and advise on fixes — without writing the code yourself.
Advise on security best practices as new features are developed, helping embed a security-conscious culture across the team.
Support investor due diligence conversations by contributing security assurance documentation.

What's in it for You

Real-World Experience: Build your experience working on an actual live platform that will be used by learners globally.
Grow your skills — conduct meaningful security work across a full-stack production environment, from authentication flows to cloud data infrastructure.
Develop your portfolio with a real audit engagement, from vulnerability discovery through to remediation reporting.
Flexible remote work — work around your schedule while receiving constructive feedback to improve your craft.
Be part of Tech for Good — your work directly protects learners' data and contributes to equitable education and meaningful social impact.
Industry Insight: Gain valuable experience in the growing EdTech and Tech for Good sectors.
Professional References: Earn strong recommendations for future job applications and career development.

What We're Looking For

Strong, demonstrable experience securing AWS cloud environments — including EC2, S3, IAM, VPCs, security groups, and AWS-native security tooling (e.g. GuardDuty, CloudTrail, Config). This is a priority requirement for this role.
Demonstrable experience in web application security testing and/or penetration testing.
Strong working knowledge of the OWASP Top 10 and practical mitigation approaches.
Experience auditing RESTful APIs and back-end data flows for security vulnerabilities.
Familiarity with authentication protocols, JWT token management and session security (Keycloak experience preferred).
Understanding of UK GDPR, EU privacy regulations and data handling obligations for consumer-facing platforms.
Experience working with platforms that handle payments or sensitive personal data.
Excellent written communication skills — your reports need to be clear and actionable for both engineers and non-technical stakeholders.
Knowledge of Docker container security practices.
Experience with monitoring and observability tools (ELK/EFK stack, Prometheus, Grafana).
A methodical, independent working style — you can scope, plan and execute an audit with confidence.
Passion for technical innovation and a genuine problem-solving mindset.
Self-motivated and able to work independently while staying in regular contact with the team.

Desirable but not essential:

AWS security certifications (e.g. AWS Certified Security – Specialty).
Experience supporting start-ups through launch-readiness security reviews or investor due diligence.
Awareness of PCI-DSS requirements for platforms with payment integrations.

Why Join Us?

Your work supports closing the education gap and directly protects learners who face disadvantage.
You'll be our first dedicated security specialist — with real weight and influence from day one.
You'll gain concrete, demonstrable experience that will matter for your next role.
Enjoy technical ownership, honest feedback and a collaborative team that genuinely values what you bring — while contributing to something that matters.