32–40 hours · Amersfoort/Hybrid · Energy market · Start: February 1, 2026 · Duration: 6 months, with option to extend

Hello interim Security Specialist AWS Cloud! Would you like to work at the heart of the energy transition?
EDSN is a rapidly growing organization. At EDSN, you will contribute to making the Netherlands more sustainable. Every day. Together with our partners in the energy sector. With your knowledge of AWS Cloud Security, Landing Zone governance, identity & access, secrets management, and network security, you will ensure a secure and compliant cloud foundation that market parties can build on. In doing so, you will contribute tosustainable market facilitation. We have big ambitions, which is why we are looking for you!

🎯 Key responsibilities

• Manage, improve, and monitor the AWS security posture of the Atlas environment

• Implementing and maintaining AWS Data Perimeter measures

• Advising teams on secure-by-design architecture

• Conducting security reviews, threat modeling, and risk analyses

• Support with incident response and forensics

• Developing and improving security policies, baselines, and guardrails

• Collaborate with Cloud Engineers, POs, and Security teams to mitigate risks
   

Work full of energy (goal & challenge)

You link EDSN's inspiring goal—accelerating the energy transition with securedata services—toAtlas's concrete challenge: keeping a multi-account AWS platform secure, demonstrably compliant, and easy to use.
Key challenges for the coming months:

• Tighten guardrails: further develop policy and detection (Security Hub/GuardDuty), secure evidence, and reduce noise.
• Operationalizing network security: from alert-only to effective and secure rules in the Exit Gateway in coordination with teams.
• Secrets & IAM in order and demonstrable: RBAC/Federation via Azure AD, Secrets Manager rotation(180 days in Terraform) and audit/evidence in accordance with baseline/controls.
• Clear segmentation and responsibilities: unambiguous separation of zones, roles, and shared responsibility between the platform and purchasing teams.

This is what you will do

• Design, improve, and automate AWS security controls (Organizations/SCPs, IAM Identity Center, KMS, Config, CloudTrail, Security Hub, GuardDuty).
• Network security: contributing to policy and implementation regarding AWS Network Firewall (Exit Gateway), routing, and VPC segmentation; setting up runbooks and monitoring.
• Secrets management and evidence: demonstrably implement rotation policy, RBAC access, and audit logs; document and provide evidence of controls (e.g., CRY.1.4/CRY.1.5).
• Working on Account Vending and building blocks (Terraform modules) so that new accounts comply with the Security Baseline by default.
• Incident and vulnerability handling: classifying, triaging, and following up on alerts (including container runtime protection), together with customer teams.
• Enablement & advice: helping teams make security-conscious choices, share knowledge, and drive improvement initiatives in a scalable platform environment.

Collaboration and knowledge sharing

You will work closely with our Product Owner and Scrum Master and coordinate regularly with other ITF teams. You will organize knowledge sessions, write guides, and work in pairs with engineers from customer teams to implementsecurity by design. (Collaboration with other teams, including Base64/Watchdog, occurs regularly in relation to network and core services.)

This is what energizes you

• Making complex platform issues simple and reliable with a real impact on the energy transition.
• Automating security: policies, controls, and evidence as code (Terraform).
• Working in a multi-account environment with clear shared responsibility and team enablement. 
• Turn alerts into insights and action, and noticeably increase your security level.

You take this further

🧠 Required knowledge & experience

• At least 5 years of experience with AWS security in enterprise/multi-account environments

• In-depth knowledge of:

  • IAM, SSO, permission boundaries, identity federation

  • KMS, encryption standards, secrets management

  • GuardDuty, Security Hub, Detective, Config, CloudTrail

  • SCPs, Control Tower guardrails, multi-account governance

  • Data perimeter (pre)

• Experience with IaC security (Terraform best practices, drift detection, policy-as-code)

• Experience with incident response in cloud environments

• Prerequisite: pentesting/red teaming experience

🛠️ Tooling & technical skills

• Terraform, CloudFormation

• GitLab/GitHub CI/CD

• CloudWatch, logging, monitoring

• Security tooling within AWS (GuardDuty, Detective, Config, etc.)

🧩 Soft skills

• Strong in documenting, challenging, and advising

• Can translate complex security risks into concrete actions

• Strong communication skills with both engineers and management

• Proactive, critical, and ownership-driven