Posted:
6/8/2026, 4:31:41 PM
Location(s):
Minneapolis, Minnesota, United States ⋅ Minnesota, United States ⋅ Denver, Colorado, United States ⋅ Colorado, United States
Experience Level(s):
Mid Level ⋅ Senior
Field(s):
IT & Security ⋅ Software Engineering
Are you looking for an exciting job where you can put your skills and talents to work at a company you can feel proud to be a part of? Do you want a workplace that will challenge you and offer you opportunities to learn and grow? A position at Xcel Energy could be just what you’re looking for.
Role Summary
The Security Engineer – Cloud Security (AWS) is responsible for building and running the AWS cloud security program with a focus on reducing risk through visibility, guardrails, and automation. This role identifies and analyzes cloud security risk, drives remediation through stakeholders, and implements preventative controls to reduce exposure over time. The role operates in an advisory capacity and does not perform direct operational changes. Initial focus is AWS across commercial and GovCloud environments, with planned expansion to Azure once the AWS program is mature. This position reports to the Manager, Vulnerability Management.
Primary Objectives
Build and mature the AWS cloud security program with clear ownership, processes, and workflows.
Identify, prioritize, and communicate cloud security risk across environments and stakeholders.
Implement preventative controls and guardrails to reduce risk before deployment.
Leverage automation and integration to reduce manual effort and improve consistency.
Support remediation by driving findings to the appropriate owners and tracking outcomes.
Responsibilities
Serve as the primary cloud security engineer for AWS environments, including commercial, GovCloud, dev, and test accounts.
Use AWS native security capabilities such as Inspector, Security Hub, and related services to identify and analyze risk.
Maintain visibility across IAM, network configuration, logging, monitoring, and workload security posture.
Identify issues such as overly permissive access, unused accounts, misconfigurations, and exposure risks.
Develop and implement guardrails, policies, and controls to prevent insecure configurations and reduce attack surface.
Promote the use of hardened images, containers, and standardized builds to reduce risk at deployment.
Integrate cloud security findings into existing workflows and coordinate remediation with responsible teams.
Work closely with Cloud Platform, SAP, Enterprise Architecture, and other teams to implement meaningful security improvements.
Partner with Application Security teams to support DevSecOps practices, including CI/CD pipeline integration, gates, and automation.
Support SAP cloud security needs and maintain awareness of SAP-specific risks within AWS environments.
Use APIs, scripting, and integration to automate data collection, analysis, and workflow execution.
Analyze cloud risk in context and communicate clear, actionable recommendations to stakeholders.
Support logging and monitoring capabilities setup and integration while deferring operational ownership to SOC/IR teams.
Required Qualifications
Minimum 5 years of experience in information security.
Strong hands-on experience with AWS cloud environments and security concepts.
Strong understanding of AWS IAM, networking, logging, monitoring, and workload security.
Experience using AWS native security tools such as Inspector, Security Hub, or equivalent.
Strong understanding of DevSecOps principles, CI/CD pipelines, and application security fundamentals.
Basic understanding of SAP environments in cloud-hosted architectures.
Experience identifying and communicating risk related to cloud configurations and architecture.
Strong analytical and complex technical problem-solving skills.
Ability to communicate technical risk clearly to non-technical stakeholders.
Experience with APIs, scripting, or automation for data integration and workflow execution.
Ability to operate independently and build a program with limited oversight.
Preferred Qualifications
Experience across multiple cloud environments, including AWS multi-account and GovCloud architectures.
Experience supporting Azure cloud environments.
Experience implementing preventative security controls such as guardrails, policy enforcement, or pipeline gating.
Experience improving data quality and visibility across multiple cloud and security data sources.
Experience working with enterprise cloud platform, networking, or architecture teams.
Certifications
AWS Certified Security – Specialty required.
AWS Certified Solutions Architect – Professional or AWS Certified DevOps Engineer – Professional preferred.
Work Location
Hybrid role requiring three days per week in the office. Must be located within Xcel Energy territory and reasonably close to an Xcel Energy facility. Denver, Colorado and Minnesota areas preferred.
As a leading combination electricity and natural gas energy company, Xcel Energy offers a comprehensive portfolio of energy-related products and services to 3.4 million electricity and 1.9 million natural gas customers across eight Western and Midwestern states. At Xcel Energy, we strive to be the preferred and trusted provider of the energy our customers need. If you’re ready to be a part of something big, we invite you to join our team.
All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Individuals with a disability who need an accommodation to apply please contact us at [email protected].
Non-BargainingThe anticipated starting base pay for this position is: $97,600.00 to $138,600.00 per yearThis position is eligible for the following benefits: Annual Incentive Program, Medical/Pharmacy Plan, Dental, Vision, Life Insurance, Dependent Care Reimbursement Account, Health Care Reimbursement Account, Health Savings Account (HSA) (if enrolled in eligible health plan), Limited-Purpose FSA (if enrolled in eligible health plan and HSA), Transportation Reimbursement Account, Short-term disability (STD), Long-term disability (LTD), Employee Assistance Program (EAP), Fitness Center Reimbursement (if enrolled in eligible health plan), Tuition reimbursement, Transit programs, Employee recognition program, Pension, 401(k) plan, Paid time off (PTO), Holidays, Volunteer Paid Time Off (VPTO), Parental LeaveBenefit plans are subject to change and Xcel Energy has the right to end, suspend, or amend any of its plans, at any time, in whole or in part.
In any materials you submit, you may redact or remove age-identifying information including but not limited to dates of school attendance and graduation. You will not be penalized for redacting or removing this information.
Deadline to Apply: 06/21/26EEO is the Law | EEO is the Law Supplement | Pay Transparency Nondiscrimination | Equal Opportunity Policy (PDF) | Employee Rights (PDF)
All Xcel Energy employees and contractors share responsibility for protecting the company's information and systems by adhering to cybersecurity policies, standards, and best practices, recognizing that cybersecurity is everyone's responsibility.
ACCESSIBILITY STATEMENT
Xcel Energy endeavors to make https://www.xcelenergy.com/ accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact Xcel Energy Talent Acquisition at [email protected]. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.
Website: https://xcelenergy.com/
Headquarter Location: Minneapolis, Minnesota, United States
Employee Count: 10001+
Year Founded: 1909
IPO Status: Public
Last Funding Type: Grant
Industries: Electrical Distribution ⋅ Energy ⋅ Natural Resources