Security Engineer

Shift is the leading AI platform for insurance. Shift combines generative, agentic, and predictive AI to transform underwriting, claims, and fraud and risk - driving operational efficiency, exceptional customer experiences and measurable business impact. Trusted by the world’s leading insurers, Shift delivers AI when and where it matters most, at scale and with proven results. Our culture is built on innovation, trust, and a drive to transform the insurance industry through our SaaS platform. We come from more than 50 different countries and cultures and together we are creating the future of insurance. DESCRIPTION As a Data & Identity Security Engineer within Shift, you will act as a specialist bridge between our core infrastructure and our information security objectives. This is a hybrid role designed for a T‑shaped engineer: you will spend 60% of your time leading deep‑dive engineering projects to engineer and automate our Identity and Data Protection capabilities, and 40% of your time supporting the wider team with general SecOps and DevSecOps BAU and improvement projects. You will own the technical design and implementation of the "Who, What, and Where" - ensuring the right people have access to the right data, while maintaining a holistic view of our general security posture. As part of the Information Security Department, this role reports to the CISO. RESPONSIBILITIES Identity & Data Engineering (60% - Primary Focus) Identity Architecture & Automation : Design, build, and maintain automated Joiner, Mover, and Leaver (JML) workflows to ensure seamless and secure user lifecycle management. Data Governance & Control : Translate high‑level data classification policies into practical technical controls, including Role‑Based Access Control (RBAC) models and automated Data Loss Prevention (DLP) rules. IAM Integration : Lead the technical integration of critical business applications into the central IAM platform (e.g., Entra ID, Okta) utilizing SSO (SAML / OIDC) and automated provisioning (SCIM). Access Engineering : Define and refine the logic for automated access approvals, access reviews, and "just‑in‑time" privilege escalation, handling exceptions that fall outside of standard workflows. Data Discovery : Engineer and operate automated detections to identify, map, and classify sensitive data across our cloud and SaaS environments. Secure by Design (Identity) : Collaborate with DevOps and Infrastructure teams to ensure Identity best practices (Secret Management, Service Principal least‑privilege, Machine Identity) are embedded in new systems and CI / CD pipelines. General Security Operations & DevSecOps (40% - BAU & Support) Detect & Respond : Participate in the general security incident response rotation. Investigate alerts, contain threats, and drive recovery for security events (not limited to identity). Vulnerability Management : Support the operation of the software vulnerability management program, helping to prioritize remediation of code defects and infrastructure flaws. Cloud Security Operations : Collaborate with SRE and Cloud Operations to monitor the general security of the Azure platform, identifying risks and weaknesses in infrastructure (CSPM) and architectural and engineering flaws. Security Tooling : Assist in the maintenance of holistic security tooling coverage (e.g., Endpoint Detection, SAST / DAST tools) to ensure the build and deploy pipeline remains secure. Technical Escalation : Serve as a technical escalation point for complex security issues involving authentication, authorization, and general security anomalies. SKILLS & BACKGROUND The ideal candidate is a security engineer who has sub‑specialized in Identity and Data but retains broad general Cloud Security, DevSecOps, and SecOps skills applicable to a growing SOC. Core Experience 5+ years of experience in technical security roles (Security Engineering, IAM Engineering, or Systems Integration). Proven experience working in regulated environments (e.g., ISO 27001, SOC 2, GDPR) and translating compliance requirements into technical data controls. Familiarity with security frameworks, particularly MITRE ATT&CK. Understanding of compliance and privacy frameworks for context (e.g., ISO 27001, SOC 2, NIST CSF, HIPAA, GDPR). Broad understanding of core information security technologies and concepts. Specialist Skills Identity Platforms : Hands‑on engineering experience with major IAM platforms (specifically Entra ID and / or Okta). Protocols : Deep technical understanding of authentication and authorization standards (SAML, OAuth, OpenID Connect, SCIM) and how to troubleshoot them. Data Governance : Experience implementing Data Classification, Data Discovery, and DLP tools in a cloud‑native environment. Access Control : Strong grasp of RBAC, ABAC, and Least Privilege principles, specifically within Azure and SaaS ecosystems. Automation : Proficiency in scripting languages (PowerShell, Python, Javascript) to automate JML flows, API integrations, general security automation. General Security Skills Cloud Security : Familiarity with Azure security services and general cloud security (Sentinel, Defender for Cloud, Key Vault, Blobs, Network Security). DevSecOps Awareness : Understanding of CI / CD pipelines, secret management in code, and vulnerability scanning (SAST / DAST). SecOps : Experience with Incident Response processes and using SIEM / XDR tools to investigate threats. Communication : Excellent ability to document technical workflows and communicate security risks to non‑technical data owners. Professional Attributes A "can‑do" attitude with the ability to own projects independently from design to operation. Strong attention to detail, particularly regarding data privacy and user access rights. A passion for automating the "boring" stuff to focus on high‑value engineering. HIRING PROCESS TA Interview CISO Interview Technical panel interview with the team Couple of short final interviews (in one session) with some Tech leaders Benefits To support our permanent, full time employees at every stage of their careers and lives, we provide a competitive total rewards and benefits package. Here are the global benefits we’d like to highlight : Flexible remote and hybrid working options Competitive Salary and a variable component tied to personal and company performance Company equity Multiple Learning and Development opportunities, including Focus Fridays, a half‑day each month to focus on learning and personal growth Generous PTO and paid holidays Mental health benefits 2 MAD Days per year (Make A Difference Days for paid volunteering) Additional benefits may be offered by country - ask your recruiter for more information. Intern and Apprentice position are eligible for some of these benefits - ask your recruiter for more details. #J-18808-Ljbffr