Sr. Cloud Security Engineer (Remote)

Inspira FinancialOak Brook, IL
Remote

About The Position

The Sr. Cloud Security Engineer (Sr. CSE) is a hybrid cloud and security engineering role responsible for the hands-on remediation of infrastructure and cloud vulnerabilities, ensuring cloud and infrastructure resources maintain compliance with established policies and Minimum-Security Baselines (MSBs), and reporting the organization's current compliance posture. The Sr. CSE will partner with the Security team to define, author, and maintain cloud security policies - keeping pace with evolving industry trends and regulatory requirements. This role will also actively participate in audit activities, including evidence gathering, reporting, and cross-functional collaboration with Compliance, Legal, and IT teams.

Requirements

  • 10+ years of experience in cloud engineering, infrastructure, or security engineering - with demonstrated hands-on security work, not just advisory
  • Bachelor's Degree in Computer Science, Software/Computing Engineering, Information Security, or related field - or equivalent experience
  • Experience working in regulated industries (Financial Services, Insurance, or Health-Tech preferred)
  • Familiarity with compliance frameworks: NIST, HIPAA, PCI and Minimum Security Baselines (MSBs)
  • Hands-on experience or significant exposure to the following services and concepts:
  • Cloud Platform - Azure
  • Networking & Security: Virtual Networks (VNETs) and peering, NSGs, UDRs, Private Endpoints, Azure Firewall, Application Gateways (including WAF - OWASP ruleset configuration, Detection vs. Prevention mode), ExpressRoute, VPN Gateways, and Azure Bastion
  • Compute & Containers: Virtual Machines, VM Scale Sets, AKS (Kubernetes), and Container App Environments - including cluster hardening, network policy enforcement, workload identity, and Azure Policy for Kubernetes
  • Identity & Access: Active Directory (on-prem, hybrid Entra Connect sync), Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policy design and enforcement, Azure RBAC (including custom role design), and Entra ID Protection
  • Security & Compliance Tooling: Microsoft Sentinel, Microsoft Defender for Cloud (Defender for Containers, Defender for Servers, Defender CSPM), and Azure Policy
  • Monitoring & Observability: Azure Monitor - KQL, alert rule configuration, log-based queries, and action group integrations; familiarity with Log Analytics Workspace architecture and log ingestion patterns at scale
  • Secrets & Certificates: Azure Key Vault and Key Vault CSI Secrets Store driver for AKS
  • Storage & Recovery: Storage Accounts, Backup Vault, and Azure Site Recovery
  • Virtual Desktop: Azure Virtual Desktop (AVD)
  • Security Tooling
  • Rapid7 - vulnerability management and scanning (InsightVM or InsightIDR); scan configuration, reporting, and SLA tracking
  • Wiz and/or Orca Security - CSPM/DSPM platform experience; cloud misconfiguration identification, prioritization, and remediation workflows
  • Microsoft Sentinel - SIEM administration, analytics rule management, and data connector configuration; familiarity with security log feeds from edge and email security platforms preferred
  • Microsoft Defender for Cloud - Defender plans (Servers, Containers, CSPM), agentless scanning, and security recommendation management
  • Datadog - log management, infrastructure monitoring, and security-adjacent alerting
  • Identity, Access & Privileged Access Management
  • Delinea Secret Server (Thycotic) - PAM administration, privileged credential vault management, and access policy configuration
  • Active Directory + Entra ID - hybrid identity, Entra Connect sync, group policy (GPO), DNS, and DHCP administration
  • Conditional Access, PIM, and RBAC - policy design, enforcement, and least-privilege access models at enterprise scale
  • Microsoft Intune - device compliance enforcement as part of a Zero Trust security posture
  • Certificate Management - PKI, TLS/SSL lifecycle management, certificate inventory, and renewal processes
  • Network & Perimeter Security
  • Cloudflare (Enterprise) - CDN, WAF, DDoS protection, and DNS proxy configuration and management
  • Network routing and VPN - hub-and-spoke topology, route tables, ExpressRoute, and VPN Gateway
  • Cisco ASAv - virtual firewall configuration and management
  • DNS, DHCP, and Group Policy - enterprise-scale administration in hybrid environments
  • DevOps, IaC & Pipeline Security
  • Azure DevOps (ADO) - CI/CD pipeline security, build agent management, and secure pipeline design
  • GitHub / GitLab - source control security, branch protection, secret scanning, and pipeline hardening
  • Infrastructure-as-Code (IaC) - Terraform, ARM templates, or Bicep - with a security-first approach to cloud deployments
  • CHEF - configuration management and compliance-as-code for server fleet hardening and baseline enforcement
  • Endpoint & Server Platforms
  • Windows Server - administration, hardening, security baseline enforcement, and Group Policy management
  • Linux Server - administration, hardening, and security baseline enforcement across enterprise server fleets
  • Microsoft 365 Suite - Exchange, SharePoint, Teams, and Intune - security configuration and administration
  • Frameworks & Compliance
  • Familiarity with NIST, HIPAA, and organizational Minimum Security Baselines (MSBs)
  • Understanding of Zero Trust architecture principles and how they apply across identity, network, and workload security
  • Familiarity with PCI-DSS scoped environment security requirements preferred
  • Experience operating in regulated industries (Financial Services, Insurance, or Health-Tech)

Nice To Haves

  • Technical certifications preferred: AZ-500, SC-100, SC-200, AZ-104, or equivalent cloud/security certifications
  • Experience with or exposure to the following developer runtimes and technologies is a plus, as this role will consult on security posture within environments built on: ASP.NET, .NET, Java (JBoss / Hibernate / JMS), gRPC, Redis, SQL Server

Responsibilities

  • Perform hands-on remediation of infrastructure and cloud vulnerabilities, driving issues to closure within established SLAs and policy requirements
  • Operate and administer vulnerability management and cloud security posture management (CSPM/DSPM) tooling - managing scan coverage, remediating findings, and reporting on SLA adherence
  • Identify, prioritize, and remediate cloud misconfigurations and security posture gaps across the organization's Azure subscriptions and infrastructure
  • Implement and validate security controls across cloud-native services, IaaS, PaaS, and container-based workloads
  • Maintain and enforce secure configurations across firewalls, network security components, application delivery infrastructure, and compute platforms in partnership with the Security Team
  • When needed, assist with privileged credential hygiene, certificate lifecycle, and secrets governance across the environment
  • Support the hardening of Windows and Linux server environments through configuration management and compliance-as-code practices
  • Maintain awareness of known and emerging vulnerabilities across the full technology stack - cloud services, OS platforms, network components, and application runtimes
  • Monitor and report the organization's compliance posture against established security policies, baselines, and regulatory frameworks
  • Partner with the Security team to define, author, and maintain cloud and infrastructure security policies - keeping pace with evolving industry trends and regulatory requirements
  • Review and update existing policies on a regular cadence to reflect changes in the cloud environment and threat landscape
  • Produce accurate, timely compliance posture reports for leadership - covering baseline adherence, vulnerability SLA performance, and remediation progress
  • Coordinate and assist in evidence collection and audit maintenance for internal and external organizational assessments, including regulatory audits and third-party risk reviews
  • Respond to findings from audits, security questionnaires, and internal/external scanning or penetration testing
  • Partner with Software Engineering and App Security teams to embed security into CI/CD pipelines and deployment workflows - including secret scanning, least-privilege deployment identities, and secrets management integration
  • Review and advise on Infrastructure-as-Code (IaC) implementations from a security perspective, ensuring patterns align with security baselines and organizational standards
  • Support secure configuration management across server and cloud environments
  • Ensure PKI and certificate management practices are maintained across the environment - including TLS/SSL lifecycle, renewal processes, and certificate inventory
  • Serve as an informal technical leader and security subject matter expert across Cloud Engineering, Platform Engineering, and adjacent teams
  • Mentor engineers on security best practices, secure design patterns, and compliance requirements - elevating security competency across the department without direct people management responsibilities
  • Contribute to architecture and design reviews, providing a security lens on cloud platform decisions in partnership with the Cloud Architect
  • Consult on secure architecture, container platform hardening, network segmentation, and pipeline security practices with Cloud Engineering & Platform Engineering
  • Partner on identity governance, privileged access management, and access control policy enforcement with Identity & Access Management (IAM)
  • Collaborate with the Security Detection & Response team on vulnerability prioritization, SLA tracking, remediation coordination, and incident response activities
  • Provide technical support for evidence gathering, compliance posture reporting, and audit response for Audits & Assessments
  • Consult on security requirements for cloud-native application platforms, ensuring developer environments are built securely from the ground up with Application Development Teams
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service