Senior Cloud Security Engineer (Azure/ Microsoft)

About The Position

Requirements

• Associate’s degree in Information Technology, Computer Science, or related field required; Bachelor's degree preferred
• Minimum of 10 years of experience in systems administration required
• Minimum of 8 years of experience with Microsoft technologies and security hardening required
• Expert knowledge of NIST frameworks, CIS benchmarks, and PCI standards
• Advanced understanding of security compliance requirements and implementation strategies
• Proven expertise in system hardening techniques for both Windows and Linux environments
• Thorough knowledge of security automation and compliance validation tools
• Experience with security incident response and vulnerability management
• Advanced knowledge of PKI infrastructure and certificate management
• Group Policy security (Azure/Entra)
• Windows Server security features and hardening
• Database security and access controls
• Security log analysis and monitoring tools
• Vulnerability assessment tools
• Security automation scripting
• Zero-Trust Network Access solutions
• Secure remote access solutions
• Network security architecture
• Security best practices for cloud environments (Azure/Entra)
• Change management in high-security environments
• Security audit procedures and documentation
• Compliance reporting and validation
• Security incident handling and response
• Risk assessment and mitigation strategies

Nice To Haves

• Minimum of 5 years of experience implementing NIST, CIS, and/or PCI compliance standards preferred
• Minimum of 8 years of experience in security automation using PowerShell or other scripting languages preferred
• ITIL Certifications, preferred
• Azure-Entra/Microsoft Certifications, preferred
• Security certifications preferred (e.g., Security+, CISSP, CCSP)

Responsibilities

• Implement and maintain security controls in accordance with NIST frameworks, CIS benchmarks, and PCI standards
• Lead vulnerability assessments, security hardening initiatives, and remediation efforts across the enterprise
• Design and maintain a secure Azure/Entra cloud environment following security best practices and compliance requirements
• Develop and execute security automation scripts using PowerShell and/or other scripting language for system hardening and compliance validation
• Manage and respond to security incidents, including zero-day vulnerabilities and critical patches
• Implement and maintain secure configurations for Azure /Entra, Group Policy, Intune and PKI infrastructure
• Configure and maintain system logging and security monitoring solutions (e.g., Splunk, Syslog)
• Perform security assessments and audits to ensure compliance industry standard frameworks
• Lead secure infrastructure migration and enhancement projects while maintaining compliance requirements
• Manage enterprise database systems with focus on security best practices and access controls
• Implement and maintain secure backup and disaster recovery solutions
• Develop and maintain security documentation and standard operating procedures
• Coordinate with cybersecurity team for continuous security improvements and threat mitigation
• Manage and maintain company risk management platform for audit readiness against NIST and PCI standards.
• Design and maintain Zero Trust architecture with identity-based access, continuous verification, least-privilege enforcement, and device trust controls.
• Implement and manage Zero Trust Network Access (ZTNA) to securely support remote and cloud workloads while reducing dependence on perimeter-based security
• Evaluate and secure AI-enabled tools and platforms in alignment with EDUCAUSE security standards, data governance, and regulatory requirements.
• Implement security controls for AI workloads, including data protection, access controls, monitoring for misuse, and safeguards against data leakage.
• Partner with stakeholders to assess AI risks, define responsible-use guardrails, and integrate AI threats into security, incident response, and risk management processes.
• Continue to refine organization AI security practices, policies, and tooling as organizational needs evolve
• Always represent EDUCAUSE in a professional manner; engages with co-workers, volunteers, and members in a civil, caring, respectful way. Supports the professional development of others in their work to advance the mission and vision of EDUCAUSE.
• Participate in EDUCAUSE events and activities as needed. Travel may be required to support EDUCAUSE conferences/events, research team operations, and external events relevant to the position.
• Act as a departmental liaison with employees, members, volunteers, volunteer groups, and clients.
• Supports members in a manner that facilitates their growth, engagement, and enhances their EDUCAUSE experience.
• As a frontline user of EDUCAUSE systems and data services, complies with data quality standards; adheres to data governance policies, procedures, and processes for ensuring data integrity. May act as the application or data collection lead for the department.
• Perform other duties as assigned.

Benefits

• Medical, Dental, and Vision
• 2-for-1 employer match to your 403(b) retirement plan; up to 10% of your base salary
• Employer-paid Life and AD&D, Short‐Term Disability, and Long‐Term Disability
• 15 days of vacation and 6 days of personal time annually
• 9 paid holidays
• One week of paid time off when offices are closed between Christmas and New Year’s Day
• 36-hour work week (without any reduction in pay) amounting to 26 additional days of paid time off each year
• Employee Assistance Program (EAP)
• Emergency Travel Assistance
• Professional development assistance
• Monthly connectivity reimbursement