This is your opportunity to join AXIS Capital – a trusted global provider of specialty lines insurance and reinsurance. We stand apart for our outstanding client service, intelligent risk taking and superior risk adjusted returns for our shareholders. We also proudly maintain an entrepreneurial, disciplined and ethical corporate culture. As a member of AXIS, you join a team that is among the best in the industry.

At AXIS, we believe that we are only as strong as our people. We strive to create an inclusive and welcoming culture where employees of all backgrounds and from all walks of life feel comfortable and empowered to be themselves. This means that we bring our whole selves to work.

All qualified applicants will receive consideration for employment without regard to race, color, religion or creed, sex, pregnancy, sexual orientation, gender identity or expression, national origin or ancestry, citizenship, physical or mental disability, age, marital status, civil union status, family or parental status, or any other characteristic protected by law. Accommodation is available upon request for candidates taking part in the selection process.

Job Description: Cloud Security Engineer

How does this role contribute to our collective success?

We are looking for a forward-thinking Cloud Security Engineer to join our cybersecurity team and lead the design, implementation, and continuous improvement of our cloud security posture. This role is deeply technical and strategic, focusing on securing cloud-native architectures, enforcing policy-as-code, and embedding defense-in-depth principles across multi-cloud environments.

You will work closely with cloud architects, DevOps, and application teams to ensure that security is built into every layer of our cloud infrastructure—from identity and access to workload protection and network segmentation.

What will you do in this role?

Develop and maintain secure, scalable, and resilient cloud architectures aligned with industry frameworks such as CIS Controls and MITRE ATT&CK for Cloud.
Define and implement hardened configurations for computing, storage, networking, and identity services across all cloud environments using security benchmarks and policy-as-code.
Engineer, Architect and enforce robust identity and access management (IAM) models, including role-based access control (RBAC), attribute-based access control (ABAC), and least privilege principles.
Apply layered security controls across identity, network, data, and application layers to reduce attack surface and improve detection and response capabilities.
Use Infrastructure as Code (IaC) and policy-as-code to automate the deployment and enforcement of security controls, ensuring consistency and auditability across environments.
Work with development teams in architecture design and review sessions.
Provide specific security expertise on cloud platforms including areas such as IAM, secure storage access, authentication methods, encryption, logging and monitoring, and application security.
Perform proactive threat modelling and architecture reviews for new cloud initiatives, identifying risks and recommending mitigation strategies early in the design phase.
Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancements.
Develop technical solutions and security tools to help mitigate security vulnerabilities and support efficient operations on cloud platforms.
Integrate security into DevOps pipelines by embedding configuration scanning, secrets detection, and compliance checks into build and deployment processes.
Represent cybersecurity within Enterprise Architecture and Platform Engineering forums to ensure projects and designs are based on internal and industry best security practices.
Stay current with evolving threats, vulnerabilities, and best practices in cloud security; lead initiatives to improve posture through automation, tooling, and process refinement.

You may also be required to take on additional duties, responsibilities and activities appropriate to the nature of this role.

About You:

We encourage you to bring your own experience and expertise to the table, so while there are some qualifications and experiences, we need you to have, we are open to discussing how your individual knowledge might lend itself to fulfilling this role and help us achieve our goals.

What you need to have:

Bachelor’s degree in computer science, Information Systems, Engineering or similar or equivalent work experience.
5+ years of experience in security engineering, architecture, or DevSecOps roles on Cloud platform.
Strong knowledge and hand on experience with cloud computing concepts, particularly Microsoft Azure PaaS, IaaS.
Experience in CNAPP, CSPM, and CWPP platforms.
Knowledge of frameworks and standards, such as NIST Cybersecurity set of frameworks, CIS, ISO, MITRE and OWASP
Experience with application architectures and technology like API’s, Docker, Kubernetes, and microservices
Hands on experience on the cloud console and configuration settings for cloud services.
Strong communication and collaboration skills, with the ability to influence engineering teams and articulate security risks to both technical and non-technical stakeholders.

What we prefer you to have:

Proficiency in scripting or automation (Python, Bash, PowerShell) and IaC tools (Terraform, CloudFormation, ARM).
Experience with container and Kubernetes security (e.g., EKS, AKS)
Preferred Security Certifications: CISSP, CCSP, AWS/Azure/GCP Security Specialty certifications (AZ-500, AZ-300)

What we offer:

For this position, in the US we currently expect to offer a base salary in the range of $125,000 to $165,000 (NY), $105,000 to $140,000 (GA), $118,000 to $160,000 (NJ) . The specific salary offer will be based on an assessment of various factors, including the experience of the successful candidate and their work location.

You will be eligible for a comprehensive and competitive benefits package which includes medical plans for you and your family, health and wellness programs, retirement plans, tuition reimbursement, paid annual leave, and much more.

Where this role is based in the United States of America, this role is Exempt for FLSA purposes.