Senior Security Architect

Shift is the leading AI platform for insurance. Shift combines generative, agentic, and predictive AI to transform underwriting, claims, and fraud and risk - driving operational efficiency, exceptional customer experiences and measurable business impact. Trusted by the world's leading insurers, Shift delivers AI when and where it matters most, at scale and with proven results.Our culture is built on innovation, trust, and a drive to transform the insurance industry through our SaaS platform. We come from more than 50 different countries and cultures and together we are creating the future of insurance.The security team is a critical component of Shift Technology as no organization is immune to cyber-crime. The team is responsible for protecting information throughout the security infrastructure, edge devices, networks, and data.What you'll do...As a Senior Security Architect, reporting to the CISO, you will be a senior member of the Information Security team, responsible for the end-to-end security architecture of our Azure-based SaaS platform and the creation, adoption, and governance of security architecture best practice across our organisation.RESPONSIBILITIESCloud Security ArchitectureDesign and maintain the security reference architecture for our Azure-native, Windows, and Kubernetes-based SaaS products.Act as the primary security consultant for product and engineering teams, providing authoritative guidance on secure design patterns for Azure infrastructure and services.Review and approve architectural designs for new services to ensure they align with security principles (Zero Trust, defense-in-depth) and compliance requirements.Define and enforce security standards for Azure networking, including VNet segmentation, firewalling, and private connectivity.Product & Application SecurityLead threat modeling exercises (e.g., STRIDE) with development teams for new products and features to identify and mitigate risks early in the SDLC.Develop and maintain secure coding standards and provide expert guidance on the prioritization and remediation of findings from SAST, DAST, and SCA tools.Architect security solutions for the SaaS application layer, including tenant isolation, customer data segregation, secure APIs, and authentication/authorization patterns.Data SecurityDesign and enforce security patterns for protecting data at rest and in transit across all Azure data platforms (e.g., Azure SQL, Cosmos DB, Databricks)Partner with the Data Access Governance function to translate data classification policies into tangible technical access controls.Architect solutions for secrets management, encryption, and key management, primarily leveraging Azure Key Vault.Architect and design a secure data access solution using VDI (Azure Virtual Desktop), including the integration of Data Loss Prevention (DLP) and other data protection controls to prevent data exfiltration.Security Engineering & Operations EnablementDevelop security-as-code and Infrastructure as Code (IaC) to create guardrails and proactively detect insecure configurations.Serve as a senior technical escalation point for the Security Operations team during complex cloud security investigations.Evaluate, prototype, and recommend new cloud security technologies and services to mature the overall security program.SKILLS & BACKGROUNDAt least seven (7) years of proven experience in a senior cloud security, product security, or security architecture role.Bachelor’s Degree in a relevant field or equivalent work experience.Relevant security or Azure certifications (e.g., AZ-500, CISSP) are highly desirable.Architectural & Application Security ExpertiseProven experience designing security for multi-tenant SaaS applications in a public cloud environment, preferably Azure.A firm understanding of core security principles like least privilege, defense-in-depth, and zero trust, and able to champion and educate colleagues on those principles.Deep understanding of the OWASP Top 10, common application and cloud infrastructure security vulnerabilities, and their mitigation.Hands-on experience with application security tools (SAST, DAST, SCA) and threat modeling methodologies such as STRIDE.Azure Platform & Data Security ExpertiseStrong knowledge of core Azure security services (e.g., Sentinel, Defender for Cloud, Key Vault, Private Link, Azure Policy).Expert-level knowledge of Microsoft Entra ID, including roles, conditional access, application permissions, and identity governance.Experience designing and implementing security controls for a variety of data platforms in Azure (e.g., Azure SQL, Cosmos DB).Direct experience designing and securing VDI solutions in Azure (Azure Virtual Desktop), including network segmentation, endpoint security for images, and DLP policy enforcement.Knowledge & FrameworksStrong familiarity with security frameworks, particularly MITRE ATT&CK.Understanding of compliance and privacy frameworks for context (e.g., ISO 27001, SOC 2, NIST CSF, HIPAA, GDPR).Broad understanding of core information security technologies and concepts.Core CompetenciesA strong analytical and investigative mindset with high attention to detail.Excellent communication skills, with the ability to clearly articulate technical findings.A collaborative team player who can work effectively with technical and non-technical stakeholders.Ability to use architecture as a positive tool to guide, shape, transform, and accelerate.RECRUITMENT PROCESSTA InterviewCISO interviewSecurity team interviewCTO interviewAt Shift we strive to be a diverse and inclusive workforce. We welcome applications from and hire people who will contribute to the diversity of our company, without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation, or other non-merit criteria.Shift Technology is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and employment process. Should you require accommodation, please email accommodation@shift-technology.com and we will work with you to meet your accessibility needs. #J-18808-Ljbffr