Senior Security Architect

Shift is the leading AI platform for insurance.  Shift combines generative, agentic, and predictive AI to transform underwriting, claims, and fraud and risk - driving operational efficiency, exceptional customer experiences and measurable business impact.  Trusted by the world's leading insurers, Shift delivers AI when and where it matters most, at scale and with proven results.

Our culture is built on innovation, trust, and a drive to transform the insurance industry through our SaaS platform. We come from more than 50 different countries and cultures and together we are creating the future of insurance.

The security team is a critical component of Shift Technology as no organization is immune to cyber-crime. The team is responsible for protecting information throughout the security infrastructure, edge devices, networks, and data. We strive to stay up to date with the latest tactics hackers are employing in the field in order to prevent data breaches by monitoring and reacting to attacks but the first step is finding the most qualified professionals to lead the way.

What you'll do...

As a Senior Security Architect, reporting to the CISO, you will be a senior member of the Information Security team, responsible for the end-to-end security architecture of our Azure-based SaaS platform and the creation, adoption, and governance of security architecture best practice across our organisation. You will serve as the subject matter expert for both cloud infrastructure and application security, partnering with engineering teams to embed security into the entire software development lifecycle (SDLC). You will design secure, scalable, and resilient solutions for our single- and multi-tenant offerings, ensuring the protection of our platform and our customers' data.

RESPONSIBILITIES

Cloud Security Architecture

• • Design and maintain the security reference architecture for our Azure-native, Windows, and Kubernetes-based SaaS products.
• Act as the primary security consultant for product and engineering teams, providing authoritative guidance on secure design patterns for Azure infrastructure and services.
• Review and approve architectural designs for new services to ensure they align with security principles (Zero Trust, defense-in-depth) and compliance requirements.
• Define and enforce security standards for Azure networking, including VNet segmentation, firewalling, and private connectivity.

Product & Application Security

• • Lead threat modeling exercises (e.g., STRIDE) with development teams for new products and features to identify and mitigate risks early in the SDLC.
• Develop and maintain secure coding standards and provide expert guidance on the prioritization and remediation of findings from SAST, DAST, and SCA tools.
• Architect security solutions for the SaaS application layer, including tenant isolation, customer data segregation, secure APIs, and authentication/authorization patterns.

Data Security

• • Design and enforce security patterns for protecting data at rest and in transit across all Azure data platforms (e.g., Azure SQL, Cosmos DB, Databricks)
• Partner with the Data Access Governance function to translate data classification policies into tangible technical access controls.
• Architect solutions for secrets management, encryption, and key management, primarily leveraging Azure Key Vault.
• Architect and design a secure data access solution using VDI (Azure Virtual Desktop), including the integration of Data Loss Prevention (DLP) and other data protection controls to prevent data exfiltration.

Security Engineering & Operations Enablement

• • Develop security-as-code and Infrastructure as Code (IaC) to create guardrails and proactively detect insecure configurations.
• Serve as a senior technical escalation point for the Security Operations team during complex cloud security investigations.
• Evaluate, prototype, and recommend new cloud security technologies and services to mature the overall security program.

SKILLS & BACKGROUND

Experience & Qualifications

• • At least seven (7) years of proven experience in a senior cloud security, product security, or security architecture role.
• Bachelor's Degree in a relevant field or equivalent work experience.
• Relevant security or Azure certifications (e.g., AZ-500, CISSP) are highly desirable.

Architectural & Application Security Expertise

• • Proven experience designing security for multi-tenant SaaS applications in a public cloud environment, preferably Azure.
• A firm understanding of core security principles like least privilege, defense-in-depth, and zero trust, and able to champion and educate colleagues on those principles.
• Deep understanding of the OWASP Top 10, common application and cloud infrastructure security vulnerabilities, and their mitigation.
• Hands-on experience with application security tools (SAST, DAST, SCA) and threat modeling methodologies such as STRIDE.

Azure Platform & Data Security Expertise

• • Strong knowledge of core Azure security services (e.g., Sentinel, Defender for Cloud, Key Vault, Private Link, Azure Policy).
• Expert-level knowledge of Microsoft Entra ID, including roles, conditional access, application permissions, and identity governance.
• Experience designing and implementing security controls for a variety of data platforms in Azure (e.g., Azure SQL, Cosmos DB).
• Direct experience designing and securing VDI solutions in Azure (Azure Virtual Desktop), including network segmentation, endpoint security for images, and DLP policy enforcement.

Knowledge & Frameworks

• • Strong familiarity with security frameworks, particularly MITRE ATT&CK.
• Understanding of compliance and privacy frameworks for context (e.g., ISO 27001, SOC 2, NIST CSF, HIPAA, GDPR).
• Broad understanding of core information security technologies and concepts.

Core Competencies

• • A strong analytical and investigative mindset with high attention to detail.
• Excellent communication skills, with the ability to clearly articulate technical findings.
• A collaborative team player who can work effectively with technical and non-technical stakeholders.
• Ability to use architecture as a positive tool to guide, shape, transform, and accelerate.

RECRUITMENT PROCESS

• TA Interview
• CISO interview
• Security team interview
• CTO interview

To support our permanent, full time employees at every stage of their careers and lives, we provide a competitive total rewards and benefits package. Here are the global benefits we'd like to highlight:

• Flexible remote and hybrid working options
• Competitive Salary and a variable component tied to personal and company performance
• Company equity
• Multiple Learning and Development opportunities, including Focus Fridays, a half-day each month to focus on learning and personal growth
• Generous PTO and paid holidays
• Mental health benefits
• 2 MAD Days per year (Make A Difference Days for paid volunteering)

Additional benefits may be offered by country - ask your recruiter for more information. Intern and Apprentice position are eligible for some of these benefits - ask your recruiter for more details.

At Shift we strive to be a diverse and inclusive workforce.
We welcome applications from and hire people who will contribute to the diversity of our company,
without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation, or other non-merit criteria.

Shift Technology is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and employment process. Should you require accommodation, please email - and we will work with you to meet your accessibility needs.

Please be aware of scammers and only trust correspondence that comes from emails ending in "shift-". We will never do initial outreach to you via Whatsapp/Text/SMS, never ask for banking information or personal identification numbers (ex. Social Security Number) as part of our recruitment process.

Shift Technology does not accept unsolicited CVs from recruiters or employment agencies in response to the Shift Technology Careers page or a Shift Technology social media post. Any unsolicited CVs, including those submitted directly to hiring managers, are deemed to be the property of Shift Technology.