Cloud Security Engineer

AXIS Capital is a global provider of specialty lines insurance and reinsurance. We stand apart for our outstanding client service, intelligent risk taking and superior risk-adjusted returns for our shareholders. We also proudly maintain an entrepreneurial, disciplined and ethical corporate culture. As a member of AXIS, you join a team that is among the best in the industry.

We believe that we are only as strong as our people. We strive to create an inclusive and welcoming culture where employees of all backgrounds and from all walks of life feel comfortable and empowered to be themselves. This means that we bring our whole selves to work.

All qualified applicants will receive consideration for employment without regard to race, color, religion or creed, sex, pregnancy, sexual orientation, gender identity or expression, national origin or ancestry, citizenship, physical or mental disability, age, marital status, civil union status, family or parental status, or any other characteristic protected by law. Accommodation is available upon request for candidates taking part in the selection process.

• Develop and maintain secure, scalable, and resilient cloud architectures aligned with industry frameworks such as CIS Controls and MITRE ATT&CK for Cloud.
• Define and implement hardened configurations for computing, storage, networking, and identity services across all cloud environments using security benchmarks and policy-as-code.
• Engineer, Architect and enforce robust identity and access management (IAM) models, including RBAC, ABAC, and least privilege principles.
• Apply layered security controls across identity, network, data, and application layers to reduce attack surface and improve detection and response capabilities.
• Use Infrastructure as Code (IaC) and policy-as-code to automate the deployment and enforcement of security controls, ensuring consistency and auditability across environments.
• Work with development teams in architecture design and review sessions.
• Provide specific security expertise on cloud platforms including IAM, secure storage access, authentication methods, encryption, logging and monitoring, and application security.
• Perform proactive threat modelling and architecture reviews for new cloud initiatives, identifying risks and recommending mitigation strategies early in the design phase.
• Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancements.
• Develop technical solutions and security tools to help mitigate security vulnerabilities and support efficient operations on cloud platforms.
• Integrate security into DevOps pipelines by embedding configuration scanning, secrets detection, and compliance checks into build and deployment processes.
• Represent cybersecurity within Enterprise Architecture and Platform Engineering forums to ensure projects and designs are based on internal and industry best security practices.
• Stay current with evolving threats, vulnerabilities, and best practices in cloud security; lead initiatives to improve posture through automation, tooling, and process refinement.

You may also be required to take on additional duties, responsibilities and activities appropriate to the nature of this role.

We encourage you to bring your own experience and expertise to the table, so while there are some qualifications and experiences, we need you to have, we are open to discussing how your individual knowledge might lend itself to fulfilling this role and help us achieve our goals.

• Bachelor’s degree in computer science, Information Systems, Engineering or similar or equivalent work experience.
• 5+ years of experience in security engineering, architecture, or DevSecOps roles on Cloud platform.
• Strong knowledge and hands-on experience with cloud computing concepts, particularly Microsoft Azure PaaS, IaaS.
• Experience in CNAPP, CSPM, and CWPP platforms.
• Knowledge of frameworks and standards, such as NIST Cybersecurity Framework, CIS, ISO, MITRE and OWASP.
• Experience with application architectures and technology like APIs, Docker, Kubernetes, and microservices.
• Hands-on experience on the cloud console and configuration settings for cloud services.
• Strong communication and collaboration skills, with the ability to influence engineering teams and articulate security risks to both technical and non-technical stakeholders.

• Proficiency in scripting or automation (Python, Bash, PowerShell) and IaC tools (Terraform, CloudFormation, ARM).
• Experience with container and Kubernetes security (e.g., EKS, AKS).
• Preferred Security Certifications : CISSP, CCSP, AWS / Azure / GCP Security Specialty certifications (AZ-500, AZ-300).

For this position, in the US we currently expect to offer a base salary in the range of $125,000 to $165,000 (NY), $105,000 to $140,000 (GA), $118,000 to $160,000 (NJ). The specific salary offer will be based on an assessment of various factors, including the experience of the successful candidate and their work location.

You will be eligible for a comprehensive and competitive benefits package which includes medical plans for you and your family, health and wellness programs, retirement plans, tuition reimbursement, paid annual leave, and much more.

Where this role is based in the United States of America, this role is Exempt for FLSA purposes.

• Seniority level : Mid-Senior level
• Employment type : Full-time
• Job function : Information Technology
• Industries : Insurance