Security Engineer

AXA is embarking on its most radical and ambitious change programme in the history of its Healthcare business. Driven by a changing UK health landscape, the growth in the (preventative) Wellbeing sector, and the need for radical simplification, we are uniting several businesses internally to produce a stronger offering than ever before in our mission to empower people to be the best version of themselves.

As a Security Engineer, you'll provide hands-on technical expertise to guide software development, delivery and continuous improvement focusing on risk and security. You'll help evolve our new Digital Platform so that its secure and compliant with both internal and industry regulations. You'll analyse new feature code to identify security risks and work with engineers to mitigate them, working and applying modern security standards such as OWASP CI/CD, DSOMM, SAMM and Cloud Security Posture management systems such as Azure Defender and Prisma Cloud. With the range of technology platforms across our architecture, you'll have the opportunity to grow your expertise in new technologies, including PaaS and SaaS solutions, whilst supporting our engineers with specific security expertise.

At AXA we work smart, empowering our people to balance their time between home and the office in a way that works best for them, their team and our customers. You'll work at least two days a week (40%) away from home, moving to three days a week (60%) in the future. Away from home means either attendance at one of our office locations, visiting clients or attending industry events.

What you'll be doing:

• Analysing new feature code to identify security risks and working with engineers to mitigate
• Delivering improvements to our DSOMM score, either working with teams or directly taking responsibility for tasks (writing code, configuration, tooling, documentation)
• Working with our Information Security teams to ensure security policies are implemented in the most efficient and flexible manner
• Designing, building, operating and monitoring technology for large, complex multi-site b2c and b2b applications
• Working across multiple technology platforms with opportunities to learn and apply your security knowledge and experience to new platforms and technologies
• Contributing to the definition of, adhering to and upholding coding standards and our software delivery lifecycle to ensure the delivery of secure, quality systems
• Designing, building, operating and optimising logging technology to allow more data to be gathered about sites holistic performance and reliability

Due to the number of applications we expect to receive for this role, we reserve the right to close this advert earlier than the listed closing date to ensure we're able to effectively manage interest. Therefore, if you're interested in joining us at AXA, please don't hesitate to apply.

What you'll bring:

• Exposure to Cloud Native software development, including cloud infrastructure and API design (Azure preferred)
• Willingness to learn and apply engineering and security expertise to projects built on multiple platforms, such as Salesforce and Azure
• Proven experience applying modern standards such as OWASP CI/CD, DSOMM, SAMM etc
• Strong networking protocol knowledge (TCP/IP, UDP, HTTP/3, AMQP, streaming protocols etc), cloud network design (VPNs, subnets, regions/zones etc), and integration related technologies (Auth0, APIM)
• Expertise with SAST & SCA systems such as Snyk, Checkmarx
• Experience with DAST systems such as OpenZAP, Qualys DAST (preferred) ideally with HTTP APIs
• Ability to manage large scale software estates from a operational perspective (build, release, monitoring, rollbacks, high availability, etc)
• Hands on experience building automated security test suites

As a precondition of employment for this role, you must be eligible and authorised to work in the United Kingdom.

What we offer:
At AXA UK, we're appreciative of the people who work for us and our rewards package is reviewed regularly to reflect that. You can expect to receive:

• Competitive annual salary dependent on experience
• Annual company & performance-based bonus
• Contributory pension scheme (up to 12% employer contributions)
• Life Assurance (up to 10 x annual salary)
• Private medical cover
• 28 days annual leave plus Bank Holidays
• Opportunity to buy up to 5 extra days leave or sell up to 5 days leave
• Wellbeing services & resources
• AXA employee discounts

To apply, click on the 'apply for this job' button, you'll then need to log in or create a profile to submit your CV. We're proud to be an Equal Opportunities Employer and don't discriminate against employees or potential employees based on protected characteristics. If you have a long-term condition or disability and require adjustments during the application or interview process, we're proud to offer access to the AXA Accessibility Concierge. For our support, please send an email to lauren.-

Who we are:
At AXA Health, we're passionate about helping our members to put their health first, whether that's individuals and families, small businesses, or huge corporates. From fast access to diagnosis and treatment, to guidance and tools that can help them manage their health every day, not just when there's a problem, our members can be confident we'll guide them, every step of the way.