Cloud Security Engineer (Remote Eligible)

Ardent MillsDenver, CO
$140,000 - $200,000Remote

About The Position

The Cloud Security Engineer engineers and operates security controls across Azure environments and other leading cloud platforms as needed. This role builds guardrails, monitors posture, and responds to cloud threats while enabling teams to move quickly and safely. Additionally, this role focuses on cloud security architecture, best practices, resource standards, configuration management, and detection. As a Cloud Security Engineer, you will design, implement, and operate security controls primarily across Microsoft Azure environments, with potential expansion to other leading cloud platforms over time. You will build guardrails, monitor posture, and respond to cloud threats while enabling teams to move quickly and safely. Focus on cloud security architecture, best practices, resource standards, configuration management and detection.

Requirements

  • Bachelor’s in computer science/engineering or equivalent experience.
  • 4–7 years in cloud security engineering across at least one major CSP.
  • Strong knowledge of IAM, networking, encryption, and cloud-native security tooling.
  • Experience securing hybrid environments spanning on-premises and Azure cloud.
  • Scripting/automation expertise (Python/Bash/PowerShell; Terraform/Bicep/ARM).
  • Certifications: CCSP; AWS Certified Security – Specialty, Azure Security Engineer Associate (AZ-500), or Google Professional Cloud Security Engineer.

Nice To Haves

  • Experience with CIEM solutions and multi-cloud governance.
  • Certifications: GIAC Cloud (GCSA/GPCS), CNCF CKA/CKS, vendor pro-level architect certs.

Responsibilities

  • Lead design and implementation for cloud landing zones, identity, and network controls (VPC/VNet, security groups/NSGs, private endpoints).
  • Configure cloud-native security services (e.g., Microsoft Defender for Cloud, Microsoft Sentinel, Defender XDR).
  • Build posture management (CSPM) and workload protection (CWPP) with policy-as-code and automated remediation.
  • Implement key management, encryption at rest/in transit, and certificate governance using KMS/Key Vault/Cloud KMS.
  • Establish logging, telemetry, and alerting (Azure Monitor) integrated to SIEM/XDR.
  • Work with key team members across IT and Security to test and validate total coverage / maturity of detection telemetry from cloud native sources.
  • Determine architecture as needed to harden serverless containers, and managed services (Functions, Logic Apps, Container Apps, AKS, ACI) with baseline controls.
  • Perform threat modeling and security reviews for cloud architectures and application designs.
  • Partner with platform and product teams to deliver IaC guardrails, image baselines, and patch/vulnerability workflows.
  • Respond to cloud incidents as a point of escalation; perform triage, containment, and post-incident improvements.
  • Develop automation architecture where applicable to optimize cloud detection and response capabilities.
  • Leverage automation and AI-assisted capabilities where appropriate to enhance cloud detection and response.
  • Document standards and runbooks; conduct enablement sessions with dev and ops teams.
  • Design partner in cloud security strategy and program maturity.
  • May support cloud migration programs and control design reviews.

Benefits

  • Medical, Dental and Vision Coverage
  • Health and Dependent Savings Accounts
  • Life and Disability Programs
  • Voluntary Benefit Programs
  • Company Sponsored Wellness Programs
  • Retirement Savings with Company Match
  • Team Member and Family Assistance Program (EAP)
  • Paid Time Off and Paid Holidays
  • Employee Recognition Program with Rewards (RAVE)
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service