Senior Security Engineer - Azure Security

About The Position

Requirements

• 5+ years of progressive experience in cybersecurity engineering
• Deep expertise in Microsoft Azure security and the Microsoft security ecosystem
• Hands-on experience with: Azure Policy (JSON), Intune, Entra ID (Conditional Access, PIM, RBAC), Microsoft Defender for Cloud and Defender for Cloud Apps
• Functional experience with network security platforms, including Palo Alto Networks and Cloudflare
• Strong background with Azure components
• Working knowledge of AWS IAM, federation (SAML/OIDC), and cross-cloud identity concepts
• Strong understanding of cloud architecture, networking fundamentals, and zero trust principles
• Excellent technical documentation and written communication skills
• Ability to operate independently in a fast-moving environment with evolving priorities
• Excellent communication, analytical thinking, and problem-solving abilities
• Applicants must be authorized to work for any employer in the U.S.
• We are unable to sponsor or take over sponsorship of an employment Visa for this position.

Nice To Haves

• Experience in insurance, financial services, or other regulated industries
• Familiarity with NAIC Model Laws, SOX, and insurance regulatory requirements
• Experience with NIST CSF, CIS Controls, or ISO 27001
• Infrastructure-as-Code experience (Terraform, Bicep, ARM)
• PowerShell and/or KQL for automation and investigation
• Experience with Microsoft Purview, DLP, or information protection
• Familiarity with CI/CD and DevSecOps practices
• Cloudflare Zero Trust experience
• AZ-500, SC-100, SC-200
• CISSP
• PCNSE
• AWS Security Specialty
• Relevant GIAC certifications

Responsibilities

• Cloud Security Engineering & Program Maturation Serve as a senior technical contributor driving the maturation of Core Specialty’s Azure security posture
• Identify gaps in cloud security controls, define remediation approaches, and deliver measurable improvements
• Act as a technical escalation point for complex security engineering challenges and incidents
• Partner with IT, GRC, and business stakeholders to align security engineering solutions with risk objectives
• Balance work across multiple concurrent projects and BAU (business-as-usual) security operations
• Design, implement, and manage Azure Policy definitions, initiatives, and assignments to enforce security baselines and regulatory requirements
• Engineer and maintain security configurations across Azure services, including Azure Firewall, Network Security Groups (NSGs), Key Vault, and Microsoft Defender for Cloud
• Develop and operationalize monitoring, alerting, and remediation workflows for Azure policy non-compliance
• Define and enforce cloud application security policies using Microsoft Defender for Cloud Apps (MDCA)
• Implement Conditional Access App Control for real-time session enforcement across SaaS applications
• Establish cloud application risk scoring, usage policies, and data exfiltration controls
• Partner with business units to assess and onboard new cloud applications with appropriate security guardrails
• Architect and manage Microsoft Entra ID (Azure AD) security configurations, including: Conditional Access, Privileged Identity Management (PIM), Access reviews and identity governance, Role-based access control (RBAC)
• Govern identity lifecycle and entitlement management across Azure and integrated SaaS platforms
• Support identity security governance in AWS IAM, including federation and cross-cloud identity considerations
• Design and manage Azure-native network security controls, including: Azure Firewall, Azure Front Door, Azure WAF, Azure DDoS Protection, VNets, Private Endpoints, and NSGs
• Support perimeter and segmentation security using Palo Alto Networks firewalls and Panorama
• Manage and support Cloudflare security services (WAF, DDoS, DNS security, ZTNA, Bot Management)
• Collaborate with network engineering teams to ensure designs align with zero trust principles
• Design, deploy, and manage Microsoft Intune security policies at scale, including: Device compliance and configuration profiles, Endpoint protection and ASR rules, Application Protection Policies (MAM), Windows Autopilot and enrollment controls
• Maintain endpoint security baselines aligned with CIS benchmarks
• Support integration and operational transition to SentinelOne as the primary EDR platform
• Partner with IT operations to safely test and deploy endpoint security changes
• Act as a senior technical escalation point during security incidents
• Contribute to incident response playbooks and post-incident reviews
• Produce high-quality technical documentation, including: Security architecture diagrams, SOPs and runbooks, Policy rationale and audit artifacts

Benefits

• At Core Specialty, you will receive a competitive salary and opportunities for professional development and advancement.
• We offer medical, dental, vision, and life insurances; short and long-term disability; a Company-match of 100% of a 6% contribution 401(k) plan; an Employee Assistance Plan; Health Savings Account, Flexible Spending Account, Health Reimbursement Account, and a wellness program