Azure Cloud Security Engineer

Kids Dental Brands•Phoenix, AZ

1d•Hybrid

About The Position

Kids Dental Brands is seeking an experienced Cloud Security Engineer to support and strengthen security across their growing organization. This role will serve as the dedicated security operator for their Microsoft 365, Entra, and Azure environment, helping protect systems, identities, endpoints, and cloud infrastructure across the business. This is a highly hands-on role focused on security operations, identity and access management, threat detection, endpoint protection, and cloud/network security. The ideal candidate is analytical, organized, and proactive, with the ability to investigate security incidents thoroughly, identify root causes, and clearly communicate risks and recommendations. In addition to day-to-day security operations, this individual will help support broader security initiatives, improve governance and organization within the environment, and contribute to building scalable processes as the company continues to grow. This role is best suited for someone who enjoys problem solving, works well independently, and thrives in a fast-moving environment with evolving priorities.

Requirements

Must be based in or around Phoenix, Arizona
7+ years in IT, including 3+ years focused on security in the Microsoft Azure and Microsoft 365 ecosystem.
Hands-on experience with Microsoft Entra and Microsoft Defender XDR is required.
Experience operating in a HIPAA-regulated environment is strongly preferred.
Required – at least one of: Microsoft AZ-500, SC-200, or SC-300.
Hands-on experience administering and securing Azure, Microsoft Entra, Exchange Online, and Microsoft Defender XDR.
Strong PowerShell (Microsoft Graph and Az modules) and KQL required.
Excellent verbal and written communication; remains calm under stress; documents technical decisions clearly in writing.

Nice To Haves

Microsoft SC-100, CISSP, GIAC GCIH or GCSA, or CCSP.
Familiarity with Microsoft Sentinel, Cisco Meraki, and identity-provider federation patterns (SAML, OIDC, SCIM) preferred.

Responsibilities

Identity & Access Management: Own Microsoft Entra security configuration – Conditional Access, Privileged Identity Management, MFA and passwordless, app-registration governance, and access reviews of privileged and high-impact groups.
Threat Detection & Response: Triage and remediate security alerts across Microsoft Defender XDR, Entra Identity Protection, and Exchange Online Protection within defined service-level targets. Own the Security Incident Response Process, maintain audit-log coverage, write KQL detections, and document remediation as the work is being done.
Cloud & Network Security: Maintain the security posture of KDB's Azure subscriptions – network controls, firewalls, Key Vault, and Defender for Cloud secure-score remediation.
Email & Collaboration Security: Maintain Exchange Online Protection, Defender for Office 365, transport rules, and Microsoft Purview DLP. Drive email-authentication maturity.
Compliance: Serve as KDB's designated HIPAA Security Officer; configure and evidence security controls aligned to HIPAA; support internal and external audits.
Vulnerability, Documentation & DR: Run regular vulnerability and configuration assessments; keep documentation of policies, configurations, and incidents current; coach IT peers; contribute to disaster-recovery planning and testing.
Maintain and exhibit our core values of compassion, authenticity, talent, and teamwork.
All other duties as assigned or apparent.

Benefits

Medical, dental, vision, and basic life insurance
Voluntary life insurance, short- and long-term disability, legal assistance, identity theft protection, critical illness, hospitalization, and cancer insurance
Incentive-based wellness initiatives plus access to our Employee Assistance Program
401(k) retirement plan with company match
Paid time off, wellness days, and paid holidays annually

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume