Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Secure cloud applications and infrastructure while collaborating with development teams.
- Company: Join AXA, a leader in innovative risk management solutions.
- Benefits: Flexible working arrangements, competitive salary, and opportunities for professional growth.
- Why this job: Make a real impact on cloud security in a dynamic, inclusive environment.
- Qualifications: 6+ years in IT security, strong AWS knowledge, and excellent communication skills.
- Other info: Be part of a diverse team committed to sustainability and community support.
The predicted salary is between 36000 - 60000 ÂŁ per year.
AXA’s Management Committee is driving a unique strategic initiative - Digital Commercial Platform (DCP) – designed to transform AXA’s value proposition. Through DCP, AXA will serve existing and new clients and partners through an evolving business model, where the focus is on risk prediction, prevention and management. AXA DCP relies on creating a platform of AXA’s risk insights, risk management, and risk prevention capabilities to enhance and support our service offering to commercial clients and third parties.
AXA DCP aims to:
- Improve our underwriting pricing and claims capabilities across the commercial lines book of business of AXA Group
- Create a platform for risk management and prevention services
- Build an ecosystem of business partners
As Cloud Security Engineer, your main mission will be to ensure the security and integrity of our applications and infrastructure in the cloud. You will be responsible for implementing and supervising security architectures and controls throughout the software development lifecycle, collaborating closely with development and operations teams to enforce security standards.
What will your essential responsibilities include?
- Act as a trusted advisor for solution architects and development teams, providing approval and guidance on secure practices and patterns
- Conduct security assessments and audits, identifying potential risks in software and cloud blueprints and proposing improvements
- Design, maintain and integrate security into the CI/CD pipeline, automating security checks and testing processes following the principle “Shift Left”
- Establish and monitor KPIs and KRIs related to infrastructure and application security in an AWS context
- Engage with stakeholders (especially Technology office, Product Office and data management team) to facilitate and manage resolution, with tracking of work to report on progress
- Utilize a variety of DevSecOps tools (Qualys WAS, CheckMarks SCA for SAS & DAST, Checkov) and cloud services (AWS Inspector, GuardDuty, CloudTrail, IAM, Config, SecurityHub, WAS Manager) to identify, assess, prioritize and manage security vulnerabilities across the organization's applications, systems and networks to automate and standardize configurations
- Foster strong partnerships with other teams (internal and external) to enhance the organization's overall security posture and minimize potential threats and to identify threats, vulnerabilities, and control improvements
- Support the stakeholders to enable informed decision making
- Design, implement and improve secure coding related practices, processes and standards
- Collaborate with development and operations teams to implement security controls and best practices in the development and deployment processes
- Participate in development and continuous improvement of security processes, policies, standards and other governing documents and ensure compliance
- Participate in and support delivery of security audits, threat modelling and assessments and remediation of findings
- Participate in AXA DCP Architecture Review Board and other governance bodies/meetings related to Security activity
- Perform in-depth analysis of application code and infrastructure, architecture, and configurations to ensure compliance with security standards
- Assist in the investigation and resolution of security incidents in Production and Non Production environments
- Define and implement Infrastructure as Code patterns and practices using Terraform in the context of AWS
You will report to the Chief Security Officer, AXA DCP.
We’re looking for someone who has these abilities and skills:
- At least 6 years of proven experience in IT security engineering, cloud security engineering or related roles (offensive security, blue team, red team, etc)
- Good understanding of security standards such as ISO 27001, GDPR, OWASP Top 10, OWASP SAMM, OWASP ASVS, common web application vulnerabilities and security best practices (API Security, Container Security, Cloud Security)
- Knowledgeable with some hands-on experience on everything related to security on Amazon Web Services (AWS)
- Experience with security architecture, Cloud technology and threat modelling
- Self-driven qualities and able to work independently with a high degree of autonomy, as well as part of a team
- Fluent in English
- Good communication (verbal/written) and influencing skills, with an ability to manage internal and external relationships up to senior levels of management
Will be a plus:
- Security Certifications (e.g., CISM, CISSP)
- Cloud Certifications (e.g. AWS Solutions Architect level Associate or higher, AWS Security Specialty)
- Auditing and Compliance Certifications (e.g., CISA)
- Experience with machine learning tools and models
Cloud Security (Ideally in AWS)
- Strong technical understanding of Cloud Security using serverless and containerized architectures
- Experience with scalable secure architectures for applications and networks deployed in cloud environments
- Significant knowledge on implementing tools and processes to improve automation and potential vulnerabilities and risks
- Experience using Infrastructure as Code engines, such as Terraform, in cloud environments
Application development
- Experience application development in Python and TypeScript/JavaScript that are the main programming languages used by the team
- Experience in relational and NoSQL databases
- Experience in secure software development practices
AXA XL is committed to equal employment opportunity and will consider applicants regardless of gender, sexual orientation, age, ethnicity and origins, marital status, religion, disability, or any other protected characteristic. At AXA XL, we know that an inclusive culture and a diverse workforce enable business growth and are critical to our success.
AXA XL, Sustainability is integral to our business strategy. In an ever‑changing world, AXA XL protects what matters most for our clients and communities. Our 2023-26 Sustainability strategy, called “Roots of resilience”, focuses on protecting natural ecosystems, addressing climate change, and embedding sustainable practices across our operations.
Cloud Security Engineer employer: AXA Group
Contact Detail:
AXA Group Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Cloud Security Engineer
✨Tip Number 1
Network like a pro! Reach out to folks in your industry on LinkedIn or at local meetups. A friendly chat can lead to opportunities that aren’t even advertised yet.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your projects, especially those related to cloud security. This gives potential employers a taste of what you can do.
✨Tip Number 3
Prepare for interviews by practising common questions and scenarios specific to cloud security. We recommend doing mock interviews with friends or using online platforms to boost your confidence.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team.
We think you need these skills to ace Cloud Security Engineer
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Cloud Security Engineer role. Highlight your relevant experience in IT security and cloud technologies, and don’t forget to mention any specific tools or frameworks you’ve worked with that align with the job description.
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about cloud security and how your skills can contribute to AXA DCP's mission. Keep it concise but impactful, and make sure to address how you can help improve their security posture.
Showcase Your Projects: If you've worked on any relevant projects, whether personal or professional, be sure to include them. Describe your role, the challenges you faced, and how you overcame them. This will give us insight into your problem-solving skills and technical expertise.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets seen by the right people. Plus, you’ll find all the details you need about the role and our company culture there!
How to prepare for a job interview at AXA Group
✨Know Your Cloud Security Basics
Before the interview, brush up on your knowledge of cloud security principles, especially those related to AWS. Be ready to discuss specific security standards like ISO 27001 and OWASP Top 10, as well as how they apply to the role.
✨Showcase Your Technical Skills
Prepare to demonstrate your hands-on experience with tools like AWS Inspector and Terraform. Bring examples of how you've implemented security measures in previous roles, particularly in CI/CD pipelines, to show you can hit the ground running.
✨Communicate Clearly and Confidently
Practice explaining complex security concepts in simple terms. Since you'll be acting as a trusted advisor, strong communication skills are key. Think about how you can convey your ideas effectively to both technical and non-technical stakeholders.
✨Engage with Real-World Scenarios
Be prepared to discuss real-world security incidents you've handled or hypothetical scenarios. This will showcase your problem-solving skills and ability to think critically under pressure, which is crucial for a Cloud Security Engineer.