Identify, prioritize, and communicate cloud security risk across environments and stakeholders.
Implement preventative controls and guardrails to reduce risk before deployment.
Support remediation by driving findings to the appropriate owners and tracking outcomes.
Maintain visibility across IAM, network configuration, logging, monitoring, and workload security posture.
Identify issues such as overly permissive access, unused accounts, misconfigurations, and exposure risks.
Develop and implement guardrails, policies, and controls to prevent insecure configurations and reduce attack surface.
Promote the use of hardened images, containers, and standardized builds to reduce risk at deployment.
Integrate cloud security findings into existing workflows and coordinate remediation with responsible teams.
Support SAP cloud security needs and maintain awareness of SAP-specific risks within AWS environments.
Analyze cloud risk in context and communicate clear, actionable recommendations to stakeholders.
Support logging and monitoring capabilities setup and integration while deferring operational ownership to SOC/IR teams. Required
Requirements
Role Summary The Security Engineer – Cloud Security (AWS) is responsible for building and running the AWS cloud security program with a focus on reducing risk through visibility, guardrails, and automation.
Initial focus is AWS across commercial and GovCloud environments , with planned expansion to Azure once the AWS program is mature.
Primary Objectives Build and mature the AWS cloud security program with clear ownership, processes, and workflows.
Responsibilities Serve as the primary cloud security engineer for AWS environments, including commercial, GovCloud, dev, and test accounts.
Use AWS native security capabilities such as Inspector, Security Hub, and related services to identify and analyze risk.
Work closely with Cloud Platform, SAP, Enterprise Architecture, and other teams to implement meaningful security improvements.
experience in information security. Strong hands-on
experience with AWS cloud environments and security concepts. Strong understanding of AWS IAM, networking, logging, monitoring, and workload security.
Experience using AWS native security tools such as Inspector, Security Hub, or equivalent.
Strong understanding of DevSecOps principles, CI/CD pipelines, and application security fundamentals.
Basic understanding of SAP environments in cloud-hosted architectures.
Experience with APIs, scripting, or automation for data integration and workflow execution. Ability to operate independently and build a program with limited oversight. Preferred
Experience across multiple cloud environments, including AWS multi-account and GovCloud architectures.
Experience supporting Azure cloud environments.
Experience implementing preventative security controls such as guardrails, policy enforcement, or pipeline gating.
Experience improving data quality and visibility across multiple cloud and security data sources.
Experience working with enterprise cloud platform, networking, or architecture teams.
AWS Certified Solutions Architect – Professional or AWS Certified DevOps Engineer – Professional preferred.
Benefits
Non-Bargaining The anticipated starting base pay for this position is: $97,600.00 to $138,600.00 per year This position is eligible for the following
benefits: Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition
Contact
Individuals with a disability who need an accommodation to apply please contact us at recruiting@xcelenergy.com .
ACCESSIBILITY STATEMENT Xcel Energy endeavors to make https://www.xcelenergy.com/ accessible to any and all users.
If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Xcel Energy Talent Acquisition at recruiting@xcelenergy.com.
Additional details
Are you looking for an exciting job where you can put your skills and talents to work at a company you can feel proud to be a part of? Do you want a workplace that will challenge you and offer you opportunities to learn and grow? A position at Xcel Energy could be just what you’re looking for.
This role identifies and analyzes cloud security risk, drives remediation through stakeholders, and implements preventative controls to reduce exposure over time.
The role operates in an advisory capacity and does not perform direct operational changes.
This position reports to the Manager, Vulnerability Management.
Leverage automation and integration to reduce manual effort and improve consistency.
Partner with Application Security teams to support DevSecOps practices, including CI/CD pipeline integration, gates, and automation.
Use APIs, scripting, and integration to automate data collection, analysis, and workflow execution.
Experience identifying and communicating risk related to cloud configurations and architecture.
Strong analytical and complex technical problem-solving skills.
Work Location Hybrid role requiring three days per week in the office.