Shift is the leading AI platform for insurance. Shift combines generative, agentic, and predictive AI to transform underwriting, claims, and fraud and risk - driving operational efficiency, exceptional customer experiences, and measurable business impact. Trusted by the world's leading insurers, Shift delivers AI when and where it matters most, at scale and with proven results.
Our culture is built on innovation, trust, and a drive to transform the insurance industry through our SaaS platform. We come from more than 50 different countries and cultures, and together we are creating the future of insurance.
DESCRIPTION
As a Data & Identity Security Engineer within Shift, you will act as a specialist bridge between our core infrastructure and our information security objectives. This is a hybrid role designed for a T-shaped engineer: you will spend 60% of your time leading deep-dive engineering projects to engineer and automate our Identity and Data Protection capabilities, and 40% of your time supporting the wider team with general SecOps and DevSecOps BAU and improvement projects.
You will own the technical design and implementation of the Who, What, and Where - ensuring the right people have access to the right data while maintaining a holistic view of our general security posture. As part of the Information Security Department, this role reports to the CISO.
RESPONSIBILITIES
Identity & Data Engineering (60% - Primary Focus)
- Identity Architecture & Automation: Design, build, and maintain automated Joiner, Mover, and Leaver (JML) workflows to ensure seamless and secure user lifecycle management.
- Data Governance & Control: Translate high-level data classification policies into practical technical controls, including Role-Based Access Control (RBAC) models and automated Data Loss Prevention (DLP) rules.
- IAM Integration: Lead the technical integration of critical business applications into the central IAM platform (e.g. Entra ID, Okta), utilizing SSO (SAML/OIDC) and automated provisioning (SCIM).
- Access Engineering: Define and refine the logic for automated access approvals, access reviews, and just-in-time privilege escalation, handling exceptions that fall outside of standard workflows.
- Data Discovery: Engineer and operate automated detections to identify, map, and classify sensitive data across our cloud and SaaS environments.
- Secure by Design (Identity): Collaborate with DevOps and Infrastructure teams to ensure Identity best practices (Secret Management, Service Principal least-privilege, Machine Identity) are embedded in new systems and CI/CD pipelines.
General Security Operations & DevSecOps (40% - BAU & Support)
- Detect & Respond: Participate in the general security incident response rotation. Investigate alerts, contain threats, and drive recovery for security events (not limited to identity).
- Vulnerability Management: Support the operation of the software vulnerability management program, helping to prioritize remediation of code defects and infrastructure flaws.
- Cloud Security Operations: Collaborate with SRE and Cloud Operations to monitor the general security of the Azure platform, identifying risks and weaknesses in infrastructure (CSPM) and architectural and engineering flaws.
- Security Tooling: Assist in the maintenance of holistic security tooling coverage (e.g. Endpoint Detection, SAST/DAST tools) to ensure the build and deploy pipeline remains secure.
- Technical Escalation: Serve as a technical escalation point for complex security issues involving authentication, authorization, and general security anomalies.
SKILLS & BACKGROUND
The ideal candidate is a security engineer who has sub-specialized in Identity and Data but retains broad general Cloud Security, DevSecOps, and SecOps skills applicable to a growing SOC.
Core Experience:
- 5 years of experience in technical security roles (Security Engineering, IAM Engineering, or Systems Integration).
- Proven experience working in regulated environments (e.g. ISO 27001, SOC 2, GDPR) and translating compliance requirements into technical data controls.
- Familiarity with security frameworks, particularly MITRE ATT&CK.
- Understanding of compliance and privacy frameworks for context (e.g. ISO 27001, SOC 2, NIST CSF, HIPAA, GDPR).
- Broad understanding of core information security technologies and concepts.
Specialist Skills:
- Identity Platforms: Hands-on engineering experience with major IAM platforms (specifically Entra ID and/or Okta).
- Protocols: Deep technical understanding of authentication and authorization standards (SAML, OAuth, OpenID Connect, SCIM) and how to troubleshoot them.
- Data Governance: Experience implementing Data Classification, Data Discovery, and DLP tools in a cloud-native environment.
- Access Control: Strong grasp of RBAC, ABAC, and Least Privilege principles, specifically within Azure and SaaS ecosystems.
- Automation: Proficiency in scripting languages (PowerShell, Python, JavaScript) to automate JML flows, API integrations, and general security automation.
General Security Skills:
- Cloud Security: Familiarity with Azure security services and general cloud security (Sentinel, Defender for Cloud, Key Vault, Blobs, Network Security).
- DevSecOps Awareness: Understanding of CI/CD pipelines, secret management in code, and vulnerability scanning (SAST/DAST).
- SecOps: Experience with Incident Response processes and using SIEM/XDR tools to investigate threats.
- Communication: Excellent ability to document technical workflows and communicate security risks to non-technical data owners.
Professional Attributes:
- A can-do attitude with the ability to own projects independently from design to operation.
- Strong attention to detail, particularly regarding data privacy and user access rights.
- A passion for automating the boring stuff to focus on high-value engineering.
HIRING PROCESS
- TA Interview
- CISO Interview
- Technical panel interview with the team
- Couple of short final interviews (in one session) with some Tech leaders
To support our permanent full time employees at every stage of their careers and lives, we provide a competitive total rewards and benefits package. Here are the global benefits we'd like to highlight:
- Flexible remote and hybrid working options
- Competitive Salary and a variable component tied to personal and company performance
- Company equity
- Multiple Learning and Development opportunities, including Focus Fridays, a half-day each month to focus on learning and personal growth
- Generous PTO and paid holidays
- Mental health benefits
- 2 MAD Days per year (Make A Difference Days for paid volunteering)
Additional benefits may be offered by country - ask your recruiter for more information. Intern and Apprentice positions are eligible for some of these benefits - ask your recruiter for more details.
At Shift, we strive to be a diverse and inclusive workforce. We welcome applications from and hire people who will contribute to the diversity of our company without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation, or other non-merit criteria.
Shift Technology is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and employment process. Should you require accommodation, please email and we will work with you to meet your accessibility needs.
Please be aware of scammers and only trust correspondence that comes from emails ending in . We will never do initial outreach to you via WhatsApp/Text/SMS, and will never ask for banking information or personal identification numbers (e.g. Social Security Number) as part of our recruitment process.
Shift Technology does not accept unsolicited CVs from recruiters or employment agencies in response to the Shift Technology Careers page or a Shift Technology social media post. Any unsolicited CVs, including those submitted directly to hiring managers, are deemed to be the property of Shift Technology.
Required Experience:
IC