Cloud Security Engineer – Level V

This is a fully remote position, open to applicants in United States.

📋 Description

• Design, develop, and implement cloud security architecture solutions in Microsoft Azure that are in alignment with business objectives, technical requirements, and industry frameworks (e.g., NIST CSF, CIS Benchmarks).

• Build and maintain security automation utilizing Infrastructure as Code (IaC) tools such as Terraform, Bicep, or ARM templates to ensure deployments are consistent, repeatable, and auditable.

• Architect and implement cloud-native security controls including network segmentation, micro-segmentation, encryption at rest and in transit, and secrets management.

• Collaborate with IT Infrastructure and Enterprise Architecture teams on the migration strategy for transitioning on-premise data centers to Microsoft Azure, guaranteeing that environments are secure, compliant, and resilient from the outset.

• Assess and remediate security risks across hybrid and cloud-native architectures during the migration lifecycle.

• Implement and manage Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platform (CNAPP) tools to ensure continuous visibility and compliance.

• Work alongside development and platform engineering teams to integrate security into CI/CD pipelines, including static/dynamic code analysis (SAST/DAST), container image scanning, dependency vulnerability scanning, and automated policy enforcement.

• Write production-quality code and automation scripts (Python, PowerShell, Bash, or Go) to develop security tooling, automate remediation workflows, and integrate security controls across cloud services.

• Advocate for secure software development practices across engineering teams, encompassing threat modeling, secure code reviews, and security architecture assessments.

• Support the adoption of policy-as-code and detection-as-code practices to programmatically enforce security standards.

• Lead the design, development, and implementation of a cloud-based IAM strategy, which includes Zero Trust principles, least-privilege enforcement, conditional access, and identity governance.

• Manage and optimize identity platforms (e.g., Microsoft Entra ID), role-based access control (RBAC), privileged access management (PAM), and authentication protocols (OAuth 2.0, SAML, OIDC).

• Implement and fine-tune cloud-native monitoring, logging, and alerting using tools such as Microsoft Sentinel or comparable SIEM/SOAR platforms.

• Develop and enforce cloud security policies, standards, and procedures, while maintaining audit readiness for relevant compliance frameworks.

• Stay up-to-date with emerging technologies, threat vectors, and industry trends — including AI-driven threat detection, container and serverless security, and evolving regulatory requirements.

• Serve as a subject matter expert, offering technical guidance and mentorship to fellow engineers and cross-functional team members.

⛳️ Requirements

• 8 - 10+ years of progressive experience in IT, cybersecurity, or cloud engineering.

• 10 years of hands-on experience in Microsoft Azure security architecture and operations.

• Demonstrated experience in software development or platform engineering, with proficiency in at least two of the following: Python, PowerShell, Go, Bash, or TypeScript.

• Proven experience designing and implementing IaC-driven cloud environments using tools such as Terraform, Bicep, or ARM templates.

• Direct experience integrating security tools into CI/CD pipelines (e.g., GitHub Actions, Azure DevOps, GitLab CI) and operating within DevSecOps workflows.

• Proven success in leading or significantly contributing to data center-to-cloud migration projects.

• Experience with AI/ML workload security or securing generative AI deployments.

• Bachelor's degree in Computer Science, Software Engineering, Information Technology, Cybersecurity, or a related field (or equivalent professional experience).

• At least one active cloud security certification is mandatory: CCSP, CISSP, Microsoft Certified: Cybersecurity Architect Expert (SC-100), AZ-500 (Azure Security Engineer Associate), or equivalent.

• Additional certifications in cloud engineering, DevSecOps, or AI security are highly desirable (e.g., AZ-305, Terraform Associate, Certified Kubernetes Security Specialist).

🏝️ Benefits

• 8 Paid National Holidays & 4 additional Floating Holidays.

• PTO that encompasses Vacation and Sick time.

• Medical, Dental, and Vision Benefits.

• 401k Savings and Retirement Plan.

• Paid Parental Bonding Leave for New Parents.

• Flexible Work Schedules and Part-time Opportunities.

• Generous Employee Referral Bonus Program.

• Mentorship Programs - Mentor and Mentee.

• Student Loan Repayment Assistance by Location.

• Relocation Assistance.

• Regional & National traveling CPO/CO/CP opportunities.

• Opportunities for Volunteering at Local and National events such as Hanger’s BAKA Bootcamp and EmpowerFest.