Security Engineer – Cloud Security (AWS)

Job Location:

Denver, CO - USA

Yearly Salary: $ 97600 - 138600

Posted on: 14 days ago

Vacancies: 1 Vacancy

Job Summary

Are you looking for an exciting job where you can put your skills and talents to work at a company you can feel proud to be a part of Do you want a workplace that will challenge you and offer you opportunities to learn and grow A position at Xcel Energy could be just what youre looking for.

Role Summary

The Security Engineer Cloud Security (AWS) is responsible for building and running the AWS cloud security program with a focus on reducing risk through visibility guardrails and automation. This role identifies and analyzes cloud security risk drives remediation through stakeholders and implements preventative controls to reduce exposure over time. The role operates in an advisory capacity and does not perform direct operational changes. Initial focus is AWS across commercial and GovCloud environments with planned expansion to Azure once the AWS program is mature. This position reports to the Manager Vulnerability Management.

Primary Objectives

Build and mature the AWS cloud security program with clear ownership processes and workflows.

Identify prioritize and communicate cloud security risk across environments and stakeholders.

Implement preventative controls and guardrails to reduce risk before deployment.

Leverage automation and integration to reduce manual effort and improve consistency.

Support remediation by driving findings to the appropriate owners and tracking outcomes.

Responsibilities

Serve as the primary cloud security engineer for AWS environments including commercial GovCloud dev and test accounts.

Use AWS native security capabilities such as Inspector Security Hub and related services to identify and analyze risk.

Maintain visibility across IAM network configuration logging monitoring and workload security posture.

Identify issues such as overly permissive access unused accounts misconfigurations and exposure risks.

Develop and implement guardrails policies and controls to prevent insecure configurations and reduce attack surface.

Promote the use of hardened images containers and standardized builds to reduce risk at deployment.

Integrate cloud security findings into existing workflows and coordinate remediation with responsible teams.

Work closely with Cloud Platform SAP Enterprise Architecture and other teams to implement meaningful security improvements.

Partner with Application Security teams to support DevSecOps practices including CI/CD pipeline integration gates and automation.

Support SAP cloud security needs and maintain awareness of SAP-specific risks within AWS environments.

Use APIs scripting and integration to automate data collection analysis and workflow execution.

Analyze cloud risk in context and communicate clear actionable recommendations to stakeholders.

Support logging and monitoring capabilities setup and integration while deferring operational ownership to SOC/IR teams.

Required Qualifications

Minimum 5 years of experience in information security.

Strong hands-on experience with AWS cloud environments and security concepts.

Strong understanding of AWS IAM networking logging monitoring and workload security.

Experience using AWS native security tools such as Inspector Security Hub or equivalent.

Strong understanding of DevSecOps principles CI/CD pipelines and application security fundamentals.

Basic understanding of SAP environments in cloud-hosted architectures.

Experience identifying and communicating risk related to cloud configurations and architecture.

Strong analytical and complex technical problem-solving skills.

Ability to communicate technical risk clearly to non-technical stakeholders.

Experience with APIs scripting or automation for data integration and workflow execution.

Ability to operate independently and build a program with limited oversight.

Preferred Qualifications

Experience across multiple cloud environments including AWS multi-account and GovCloud architectures.

Experience supporting Azure cloud environments.

Experience implementing preventative security controls such as guardrails policy enforcement or pipeline gating.

Experience improving data quality and visibility across multiple cloud and security data sources.

Experience working with enterprise cloud platform networking or architecture teams.

Certifications

AWS Certified Security Specialty required.

AWS Certified Solutions Architect Professional or AWS Certified DevOps Engineer Professional preferred.

Work Location

Hybrid role requiring three days per week in the office. Must be located within Xcel Energy territory and reasonably close to an Xcel Energy facility. Denver Colorado and Minnesota areas preferred.

As a leading combination electricity and natural gas energy company Xcel Energy offers a comprehensive portfolio of energy-related products and services to 3.4 million electricity and 1.9 million natural gas customers across eight Western and Midwestern states. At Xcel Energy we strive to be the preferred and trusted provider of the energy our customers need. If youre ready to be a part of something big we invite you to join our team.

All qualified applicants will receive consideration for employment without regard to age race color religion sex sexual orientation gender identity national origin disability or status as a protected veteran.

Individuals with a disability who need an accommodation to apply please contact us at .

Non-Bargaining

The anticipated starting base pay for this position is: $97600.00 to $138600.00 per year

This position is eligible for the following benefits: Annual Incentive Program Medical/Pharmacy Plan Dental Vision Life Insurance Dependent Care Reimbursement Account Health Care Reimbursement Account Health Savings Account (HSA) (if enrolled in eligible health plan) Limited-Purpose FSA (if enrolled in eligible health plan and HSA) Transportation Reimbursement Account Short-term disability (STD) Long-term disability (LTD) Employee Assistance Program (EAP) Fitness Center Reimbursement (if enrolled in eligible health plan) Tuition reimbursement Transit programs Employee recognition program Pension 401(k) plan Paid time off (PTO) Holidays Volunteer Paid Time Off (VPTO) Parental Leave

Benefit plans are subject to change and Xcel Energy has the right to end suspend or amend any of its plans at any time in whole or in part.

In any materials you submit you may redact or remove age-identifying information including but not limited to dates of school attendance and graduation. You will not be penalized for redacting or removing this information.

Deadline to Apply: 06/21/26

EEO is the Law EEO is the Law Supplement Pay Transparency Nondiscrimination Equal Opportunity Policy (PDF) Employee Rights (PDF)

All Xcel Energy employees and contractors share responsibility for protecting the companys information and systems by adhering to cybersecurity policies standards and best practices recognizing that cybersecurity is everyones responsibility.

ACCESSIBILITY STATEMENT

Xcel Energy endeavors to make accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process please contact Xcel Energy Talent Acquisition at This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Required Experience: