Azure Cloud Security Engineer

Job Title: Senior Azure Cloud Security Engineer (Oil & Gas Domain)

Work Location: Arlington, VA (Fully Onsite)
Full Time Role

If you find this opportunity suitable, kindly share your updated resume. Also, please let me know a good time to connect with you for a quick discussion.

Looking forward to hearing from you!

Job Description

This role requires expert-level, hands-on experience in the Microsoft security ecosystem coupled with deep proficiency in best-of-breed third-party tools like CrowdStrike, Splunk, and Tenable. 

Responsibilities

• Design and maintain complex conditional access policies incorporating device compliance, location, and risk-based signals.
• Implement Privileged Identity Management (PIM) to enforce just-in-time (JIT) and just-enough-administration (JEA) for high-impact roles.
• Conduct regular access reviews and manage identity lifecycles for employees, contractors, guests, and service accounts. 
• Configure MDM and MAM policies, including device enrollment restrictions, compliance baselines, and configuration profiles for Windows, macOS, iOS, and Android.
• Oversee patching deployments and automate OS/Application patching cycles to maintain a low vulnerability footprint. 
• Build and tune sensitivity labels for automatic data classification across SharePoint, Teams, and Exchange.
• Develop Data Loss Prevention (DLP) policies to prevent unauthorized data exfiltration. 
• Manage the full suite (Endpoint, Office 365, Identity, and Cloud) to investigate and remediate sophisticated threats.

Qualifications

• 7+ years of professional experience relevant experience supporting enterprise cloud and/or infrastructure environments.
• Deep knowledge & hands on experience in core components of the Microsoft security and management ecosystem designed for a Zero Trust Approach. Specifically on Azure Entra, Intune and Purview (DLP, eDiscovery, Information Protection, Insider Risk Management) and Azure Conditional Access Policies for automated guardrails.
• Advanced proficiency in PowerShell or Python for automating security tasks and incident response playbooks.
• Expertise in using Proofpoint Targeted Attack Protection (TAP) and Threat Response Auto-Pull (TRAP) to stop phishing and malware.
• Experience managing the full user lifecycle (joiner, mover, leaver) and automating provisioning / deprovisioning using SailPoint.
• Experience with JAMF Pro and JAMF Protect for securing Apple endpoints within an enterprise Azure environment. 
• Bachelor''s degree in Cybersecurity, Computer Science, or Information Systems.
• Microsoft Certified Azure Security Engineer Associate (AZ-500) (Preferred)
• SC-100 (Cybersecurity Architect) or CISSP (Highly Preferred)