W2 Role - Cloud Security Engineer (Azure Focus)

Job Description

Title: Cloud Security Engineer (Azure Focus)

Location: On Site in McKinney, TX. hybrid 3-4 days a week

Duration: 12+ Months

Interview: Video

Position Details

We are seeking a Cloud Security Engineer with a strong focus on Microsoft Azure to design, implement, and operate security controls across a predominantly Azure-based environment. This role will partner closely with Cloud Engineering, Identity, and Cyber Operations teams to ensure secure-by-design cloud deployments, continuous monitoring, and alignment with enterprise security frameworks.

Key Responsibilities

Azure Security Architecture & Engineering

• Design and implement security controls across Azure services including compute, storage, networking, and PaaS offerings
• Secure Azure landing zones using best practices aligned to Zero Trust principles
• Implement and manage Azure-native security services (Defender for Cloud, Conditional Access, Key Vault, etc.)
• Partner with architecture teams to embed security into cloud design patterns and reference architectures

Cloud Security Operations

• Monitor and respond to cloud security alerts and incidents across Azure environments
• Integrate Azure logs with SIEM/SOAR platforms (e.g., Sentinel, CrowdStrike, etc.)
• Support incident response activities related to cloud threats and misconfigurations
• Develop automation for detection and response using Azure-native tooling

Identity & Access Security

• Implement and enforce strong identity controls leveraging Microsoft Entra ID
• Design Conditional Access policies and support passwordless initiatives (WHfB, FIDO2, etc.)
• Ensure least privilege access using RBAC, PIM, and Just-in-Time access models

Cloud Posture & Vulnerability Management

• Manage cloud security posture using tools such as Defender for Cloud and/or CNAPP platforms
• Identify and remediate misconfigurations, vulnerabilities, and compliance gaps
• Partner with engineering teams to prioritize and remediate risks based on business impact

Data Protection & Governance

• Implement data protection controls across Azure services (encryption, DLP, data classification)
• Secure data flows between cloud services and external integrations
• Support compliance initiatives (NIST, CIS, ISO, PCI, etc.) through technical control implementation

DevSecOps & Automation

• Integrate security into CI/CD pipelines (IaC scanning, secrets management, policy enforcement)
• Support secure Infrastructure-as-Code (Terraform, Bicep, ARM templates)
• Automate security controls and validation through scripting (PowerShell, Python, etc.)

Required Qualifications

• 5+ years of experience in cloud security or cloud engineering
• Strong hands-on experience securing Microsoft Azure environments (90%+)
• Experience with:
  • Microsoft Defender for Cloud / Azure Security Center
  • Microsoft Entra ID (Azure AD), Conditional Access, RBAC
  • Azure networking (VNets, NSGs, Private Endpoints, Firewall)
• Familiarity with SIEM/SOAR platforms (e.g., Microsoft Sentinel, CrowdStrike, Splunk)
• Experience with Infrastructure-as-Code and automation
• Strong understanding of Zero Trust architecture principles

Preferred Qualifications

• Experience with CNAPP platforms (e.g., Wiz, Prisma Cloud, CrowdStrike CNAPP)
• Knowledge of SaaS security monitoring and API-based integrations
• Familiarity with Zscaler (ZIA/ZPA) or similar secure access solutions
• Experience in hybrid environments (Azure + on-prem)
• Relevant certifications:
  • AZ-500 (Azure Security Engineer)
  • CISSP, CCSP, or equivalent