Senior Security Engineer - Data & Identity

DESCRIPTION

As a Data & Identity Security Engineer within Shift, you will act as a specialist bridge between our core infrastructure and our information security objectives. This is a hybrid role designed for a T-shaped engineer: you will spend 60% of your time leading deep-dive engineering projects to engineer and automate our Identity and Data Protection capabilities, and 40% of your time supporting the wider team with general SecOps and DevSecOps BAU and improvement projects.

You will own the technical design and implementation of the "Who, What, and Where" - ensuring the right people have access to the right data, while maintaining a holistic view of our general security posture. As part of the Information Security Department, this role reports to the CISO.

 

RESPONSIBILITIES

Identity & Data Engineering (60% - Primary Focus)

• Identity Architecture & Automation: Design, build, and maintain automated Joiner, Mover, and Leaver (JML) workflows to ensure seamless and secure user lifecycle management.
• Data Governance & Control: Translate high-level data classification policies into practical technical controls, including Role-Based Access Control (RBAC) models and automated Data Loss Prevention (DLP) rules.
• IAM Integration: Lead the technical integration of critical business applications into the central IAM platform (e.g., Entra ID, Okta) utilizing SSO (SAML/OIDC) and automated provisioning (SCIM).
• Access Engineering: Define and refine the logic for automated access approvals, access reviews, and "just-in-time" privilege escalation, handling exceptions that fall outside of standard workflows.
• Data Discovery: Engineer and operate automated detections to identify, map, and classify sensitive data across our cloud and SaaS environments.
• Secure by Design (Identity): Collaborate with DevOps and Infrastructure teams to ensure Identity best practices (Secret Management, Service Principal least-privilege, Machine Identity) are embedded in new systems and CI/CD pipelines.

General Security Operations & DevSecOps (40% - BAU & Support)

• Detect & Respond: Participate in the general security incident response rotation. Investigate alerts, contain threats, and drive recovery for security events (not limited to identity).
• Vulnerability Management: Support the operation of the software vulnerability management program, helping to prioritize remediation of code defects and infrastructure flaws.
• Cloud Security Operations: Collaborate with SRE and Cloud Operations to monitor the general security of the Azure platform, identifying risks and weaknesses in infrastructure (CSPM) and architectural and engineering flaws.
• Security Tooling: Assist in the maintenance of holistic security tooling coverage (e.g., Endpoint Detection, SAST/DAST tools) to ensure the build and deploy pipeline remains secure.
• Technical Escalation: Serve as a technical escalation point for complex security issues involving authentication, authorization, and general security anomalies.

 

SKILLS & BACKGROUND

The ideal candidate is a security engineer who has sub-specialized in Identity and Data but retains broad general Cloud Security, DevSecOps, and SecOps skills applicable to a growing SOC.

Core Experience:

• 5+ years of experience in technical security roles (Security Engineering, IAM Engineering, or Systems Integration).
• Proven experience working in regulated environments (e.g., ISO 27001, SOC 2, GDPR) and translating compliance requirements into technical data controls.
• Familiarity with security frameworks, particularly MITRE ATT&CK.
• Understanding of compliance and privacy fra