Cloud Security Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience).
• A minimum of 5+ years’ experience in cloud security, preferably with Microsoft Azure and the broader Microsoft cloud ecosystem (M365/D365).
• Analytical mindset with the ability to solve complex problems under pressure.
• Collaborative approach and ability to work across teams, advocating for security best practices.
• Detail-oriented, with a strong commitment to maintaining the highest levels of data privacy and compliance.
• Must be proficient in the Microsoft Office Suite, including Outlook, Excel, PowerPoint, and Word.

Nice To Haves

• Azure Security Engineer Associate (AZ-500)
• Microsoft Cybersecurity Architect Expert (SC-100)
• Microsoft Identity and Access Administrator (SC-300)
• CISSP, CCSP, or CISM
• GCLD, GCSA, or GCIH
• Strong, hands-on knowledge of Microsoft Azure security services, including Microsoft Defender for Cloud, Microsoft Sentinel, Azure Key Vault, Azure Policy, Azure Firewall, and Network Security Groups (NSGs).
• Strong knowledge of Microsoft Entra ID (formerly Azure AD), Conditional Access, Privileged Identity Management (PIM), and identity governance.
• Experience with cloud security posture management (CSPM), cloud workload protection (CWPP), and cloud-native application protection platform (CNAPP) tools, as well as enterprise SIEM platforms.
• Proficiency in securing M365 and D365, including MFA, role-based access control, data loss prevention (DLP), and Microsoft Purview information protection.
• Familiarity with authentication and authorization protocols (OAuth, OIDC, SAML), identity federation, zero-trust architecture principles, and TLS/PKI.
• Working knowledge of infrastructure-as-code (Terraform, Bicep, ARM templates), DevSecOps practices, and securing CI/CD pipelines.
• Excellent communication (written and verbal) for drafting SOPs, technical documentation, and stakeholder presentations.

Responsibilities

• Design, configure, and maintain security controls across Microsoft Azure, including IaaS, PaaS, and SaaS workloads, ensuring secure deployments and continuous posture management.
• Configure and maintain security across all Azure resources (e.g., virtual machines, virtual networks, storage accounts, Azure Key Vault, App Services, Azure SQL), while continuously improving cloud security baselines and configurations.
• Apply zero-trust principles to cloud workloads and SaaS applications, including micro-segmentation, least-privilege access, and continuous verification across Azure, M365, and D365.
• Deploy and manage Microsoft Defender for Cloud and Microsoft Defender XDR to monitor cloud security posture, detect misconfigurations, and remediate vulnerabilities across multi-cloud and hybrid environments.
• Conduct gap analyses against relevant cloud security standards (e.g., NIST, CIS Benchmarks for Azure/M365, SOC 2, PCI-DSS) and recommend remediations.
• Maintain records of audit findings and track resolutions to ensure ongoing cloud compliance.
• Develop and maintain cloud security standard operating procedures (SOPs), reference architectures, and best practices.
• Collaborate with cross-functional teams (Infrastructure & Operations, DevOps, Compliance) to disseminate guidance on secure cloud development, infrastructure-as-code (IaC), and operational activities, ensuring that new or updated cloud systems adhere to security best practices.
• Create and update knowledge base articles, runbooks, and incident response playbooks to standardize and streamline cloud security procedures.
• Oversee the security configurations within M365 and D365, including data loss prevention (DLP), Microsoft Purview information protection, conditional access, threat protection (Defender for Office 365, Defender for Cloud Apps), and update the cloud security roadmap as needed.
• Deploy and tune cloud-native protections including Azure Web Application Firewall (WAF), Azure Front Door, Azure DDoS Protection, and advanced threat analytics in coordination with internal teams and external vendors, and guide them through production rollout.
• Develop and maintain incident response protocols for cloud environments to ensure timely identification, containment of threats, and implementation of preventive measures.
• Configure and manage cloud security monitoring tools such as Microsoft Defender for Cloud, Microsoft Sentinel, Rapid7, and other SIEM/SOAR platforms to detect anomalies, suspicious activity, and potential attacks across Azure, M365, and D365.
• Evaluate and secure containerized workloads (e.g., Azure Kubernetes Service), serverless functions, and DevSecOps pipelines, embedding security into CI/CD processes.
• Provide guidance and expertise in cloud architecture reviews, cloud security risk assessments, and the formulation of cloud security strategies.
• Perform other duties and responsibilities as assigned.

Benefits

• Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.
• Reasonable accommodations will be made for qualified individuals with disabilities unless doing so would result in an undue hardship.