Cloud Security Engineer AXA DCP

Join to apply for the Cloud Security Engineer role at AXA XL Location: London, UK; Paris, France; Milan, Italy; Barcelona or Madrid, Spain; Wroclaw, Poland Overview AXA’s Management Committee is driving a unique strategic initiative – Digital Commercial Platform (DCP) – designed to transform AXA’s value proposition. Through DCP, AXA will serve existing and new clients and partners with an evolving business model focused on risk prediction, prevention and management. DCP will create a platform of AXA’s risk insights, risk management, and risk prevention capabilities to enhance and support our service offering. End users will access a broad selection of data built on existing or developing AXA assets. The platform will also monetise unique capabilities and services, aggregate and deliver insights from unique data sets with external partners, and foster end‑customer relationships aligned with brokers. AXA DCP Aims To Improve underwriting pricing and claims capabilities across the commercial lines book of business of AXA Group Create a platform for risk management and prevention services Build an ecosystem of business partners Responsibilities Act as a trusted advisor for solution architects and development teams, providing approval and guidance on secure practices and patterns Conduct security assessments and audits, identifying potential risks in software and cloud blueprints and proposing improvements Design, maintain and integrate security into the CI/CD pipeline, automating security checks and testing processes following the principle “Shift Left” Establish and monitor KPIs and KRIs related to infrastructure and application security in an AWS context Engage with stakeholders (especially Technology Office, Product Office and data management team) to facilitate and manage resolution, tracking work to report progress Utilise a variety of DevSecOps tools (Qualys WAS, CheckMarks SCA for SAS & DAST, Checkov) and cloud services (AWS Inspector, GuardDuty, CloudTrail, IAM, Config, SecurityHub, WAS Manager) to identify, assess, prioritise and manage security vulnerabilities across the organisation’s applications, systems and networks to automate and standardise configurations Foster strong partnerships with other teams (internal and external) to enhance the organisation’s overall security posture and minimise potential threats and identify threats, vulnerabilities, and control improvements Support stakeholders to enable informed decision making Design, implement and improve secure coding related practices, processes and standards Collaborate with development and operations teams to implement security controls and best practices in development and deployment processes Participate in development and continuous improvement of security processes, policies, standards and other governing documents and ensure compliance Participate in and support delivery of security audits, threat modelling and assessments and remediation of findings Participate in AXA DCP Architecture Review Board and other governance bodies/meetings related to Security activity Perform in‑depth analysis of application code and infrastructure, architecture and configurations to ensure compliance with security standards Assist in the investigation and resolution of security incidents in production and non‑production environments Define and implement Infrastructure as Code patterns and practices using Terraform in the context of AWS Required Skills and Abilities General skills At least 6 years of proven experience in IT security engineering, cloud security engineering or related roles (offensive security, blue team, red team, etc.) Good understanding of security standards such as ISO 27001, GDPR, OWASP Top 10, OWASP SAMM, OWASP ASVS, common web application vulnerabilities and security best practices (API Security, Container Security, Cloud Security) Knowledgeable with hands‑on experience on everything related to security on Amazon Web Services (AWS) Experience with security architecture, cloud technology and threat modelling Self‑driven qualities and ability to work independently with a high degree of autonomy, as well as part of a team Fluent in English Good communication (verbal/written) and influencing skills, with an ability to manage internal and external relationships up to senior levels of management Will be a plus Security Certifications (e.g., CISM, CISSP) Cloud Certifications (e.g. AWS Solutions Architect level Associate or higher, AWS Security Speciality) Auditing and Compliance Certifications (e.g., CISA) Experience with machine learning tools and models Cloud Security (Ideally in AWS) Strong technical understanding of Cloud Security using serverless and containerised architectures Experience with scalable secure architectures for applications and networks deployed in cloud environments Significant knowledge on implementing tools and processes to improve automation and potential vulnerabilities and risks Experience using Infrastructure as Code engines, such as Terraform, in cloud environments Application development Experience application development in Python and TypeScript/JavaScript that are the main programming languages used by the team Experience on relational and NoSQL databases Experience on secure software development practices Inclusion & Diversity AXA XL is committed to equal employment opportunity and will consider applicants regardless of gender, sexual orientation, age, ethnicity and origins, marital status, religion, disability, or any other protected characteristic. At AXA XL, we know that an inclusive culture and a diverse workforce enable business growth and are critical to our success. That’s why we have made a strategic commitment to attract, develop, advance and retain the most diverse workforce possible, and create an inclusive culture where everyone can bring their full selves to work and can reach their highest potential. Five Business Resource Groups focused on gender, LGBTQ+, ethnicity and origins, disability and inclusion with 20 Chapters around the globe Robust support for Flexible Working Arrangements Enhanced family friendly leave benefits Named to the Diversity Best Practices Index Signatory to the UK Women in Finance Charter Sustainability At AXA XL, Sustainability is integral to our business strategy. Our 2023‑26 Sustainability strategy, called “Roots of Resilience”, focuses on protecting natural ecosystems, addressing climate change and embedding sustainable practices across our operations. Our Pillars Valuing nature: How we impact nature affects how nature impacts us. Resilient ecosystems – the foundation of a sustainable planet and society – are essential to our future. We’re committed to protecting and restoring nature – from mangrove forests to the bees in our backyard – by increasing biodiversity awareness and inspiring clients and colleagues to put nature at the heart of their plans. Addressing climate change: The effects of a changing climate are far reaching and significant. Unpredictable weather, increasing temperatures, and rising sea levels cause both social inequalities and environmental disruption. We’re building a net zero strategy, developing insurance products and services, and mobilising to advance thought leadership and investment in societal‑led solutions. Integrating ESG: All companies have a role to play in building a more resilient future. Incorporating ESG considerations into our internal processes and practices builds resilience from the roots of our business. We’re training our colleagues, engaging our external partners, and evolving our sustainability governance and reporting. AXA Hearts in Action: We have established volunteering and charitable giving programmes to help colleagues support causes that matter most to them, known as AXA XL’s “Hearts in Action” programmes. These include our Matching Gifts programme, Volunteering Leave, and our annual volunteering day – the Global Day of Giving. Seniority level Not Applicable Employment type Full‑time Job function Information Technology Industries Insurance Referrals increase your chances of interviewing at AXA XL by 2x #J-18808-Ljbffr