Security Engineer - Cloud Security; AWS

Position: Security Engineer - Cloud Security (AWS)
Are you looking for an exciting job where you can put your skills and talents to work at a company you can feel proud to be a part of? Do you want a workplace that will challenge you and offer you opportunities to learn and grow? A position at Xcel Energy could be just what you're looking for.

Role Summary

The Security Engineer - Cloud Security (AWS) is responsible for building and running the AWS cloud security program with a focus on reducing risk through visibility, guardrails, and automation. This role identifies and analyzes cloud security risk, drives remediation through stakeholders, and implements preventative controls to reduce exposure over time. The role operates in an advisory capacity and does not perform direct operational changes.

Initial focus is AWS across commercial and Gov Cloud environments, with planned expansion to Azure once the AWS program is mature. This position reports to the Manager, Vulnerability Management.

Primary Objectives

* Build and mature the AWS cloud security program with clear ownership, processes, and workflows.

* Identify, prioritize, and communicate cloud security risk across environments and stakeholders.

* Implement preventative controls and guardrails to reduce risk before deployment.

* Leverage automation and integration to reduce manual effort and improve consistency.

* Support remediation by driving findings to the appropriate owners and tracking outcomes.

Responsibilities

* Serve as the primary cloud security engineer for AWS environments, including commercial, Gov Cloud, dev, and test accounts.

* Use AWS native security capabilities such as Inspector, Security Hub, and related services to identify and analyze risk.

* Maintain visibility across IAM, network configuration, logging, monitoring, and workload security posture.

* Identify issues such as overly permissive access, unused accounts, misconfigurations, and exposure risks.

* Develop and implement guardrails, policies, and controls to prevent insecure configurations and reduce attack surface.

* Promote the use of hardened images, containers, and standardized builds to reduce risk at deployment.

* Integrate cloud security findings into existing workflows and coordinate remediation with responsible teams.

* Work closely with Cloud Platform, SAP, Enterprise Architecture, and other teams to implement meaningful security improvements.

* Partner with Application Security teams to support Dev Sec Ops  practices, including CI/CD pipeline integration, gates, and automation.

* Support SAP cloud security needs and maintain awareness of SAP-specific risks within AWS environments.

* Use APIs, scripting, and integration to automate data collection, analysis, and workflow execution.

* Analyze cloud risk in context and communicate clear, actionable recommendations to stakeholders.

* Support logging and monitoring capabilities setup and integration while deferring operational ownership to SOC/IR teams.

Required Qualifications

* Minimum 5 years of experience in information security.

* Strong hands-on experience with AWS cloud environments and security concepts.

* Strong understanding of AWS IAM, networking, logging, monitoring, and workload security.

* Experience using AWS native security tools such as Inspector, Security Hub, or equivalent.

* Strong understanding of Dev Sec Ops  principles, CI/CD pipelines, and application security fundamentals.

* Basic understanding of SAP environments in cloud-hosted architectures.

* Experience identifying and communicating risk related to cloud configurations and architecture.

* Strong analytical and complex technical problem-solving skills.

* Ability to communicate technical risk clearly to non-technical stakeholders.

* Experience with APIs, scripting, or automation for data integration and workflow execution.

* Ability to operate independently and build a program with limited oversight.

Preferred Qualifications

* Experience across multiple cloud environments, including AWS multi-account and Gov Cloud architectures.

* Experience supporting Azure cloud environments.

* Experience implementing preventative security controls such as guardrails, policy enforcement, or pipeline gating.

* Experience improving data quality and visibility across multiple cloud and security data sources.

* Experience working with enterprise cloud platform, networking, or architecture teams.

Certifications

* AWS Certified Security - Specialty required.

* AWS Certified Solutions Architect - Professional or AWS Certified Dev Ops Engineer - Professional preferred.

Work Location

Hybrid role requiring three days per week in the office. Must be located within Xcel Energy territory and reasonably close to an Xcel Energy facility. Denver, Colorado and Minnesota areas preferred.

As a leading combination electricity and natural gas energy company, Xcel Energy offers a comprehensive portfolio of energy-related products and services to 3.4 million electricity and 1.9 million natural gas customers across eight Western and Midwestern states. At Xcel Energy, we strive…