The Cloud Security Engineer position requires experience in Azure cloud infrastructure architecture, software engineering, development operations, network engineering, data management, and PaaS architecture. The candidate will lead partnerships with DevOps, Product Engineering, and Infrastructure & Operations to help design, develop, and implement security-resilient, cost-effective, scalable Azure cloud solutions. This role is hands-on in all aspects of Azure security, including implementing security controls based on the fundamentals of the Azure Security Benchmark, threat protection, and identity and access management, and defining Azure cloud infrastructure and Azure Policies. He/she will use Azure technologies to provide data protection and network security defenses, while also supporting cloud cyber incident response policies and procedures.
- Responsible for all aspects of a security solution, providing architectural design, development, deployment, and optimization for the security function of the Azure cloud.
- Design, implement, and secure Azure cloud infrastructure, including but not limited to data platform management, automated deployment and configuration of services, virtual networking, storage accounts, Azure App Service, VMs, Azure Active Directory, Azure AD Connect, load balancing, network security, and Azure Backup.
- Select and implement balanced security solutions to ensure cloud platform and technology architecture is coded and configured to deliver security and privacy.
- Perform security operations to produce security-centric PaaS deliverables that enable DevOps, Product Engineering, and Infrastructure & Operations to create secure products without unreasonable restrictions.
- Develop an Azure cloud-security roadmap in conjunction with the other technology leaders to aid in implementing security controls that will support the Company's cloud-technology vision.
- Technically execute and maintain security solutions, migrating existing applications, software, and services to the Azure cloud.
- Identify risk and mitigation plans associated with security, legal, data, compliance, and regulatory requirements.
- Maintain and improve the security posture of the Azure platform, identifying and remediating vulnerabilities by using a variety of security tools.
- Provide Cybersecurity expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure Azure cloud-based applications, operating systems, databases, and networks.
- Implement, configure, and maintain security controls and policies, and monitor threats to ensure that apps, containers, infrastructure, and networks are protected.
- Automate security controls, data, and processes to provide better metrics and operational support using Security-as-Code.
- Develop a logical and technical security architecture to underpin functional and related business requirements, moving from an on-premises to a cloud-based Azure (PaaS) solution.
- Configure and maintain access within cloud solution environments using the principle of least privilege.
- Configure and maintain network security within the cloud environment, using a hybrid context with traditional network-centric controls.
- Create, maintain, and administer Azure Policies for enforcing security controls.
- Define and document cloud policies, procedures, standards, and design.
- 3+ years of prior experience in Azure cloud infrastructure architecture, engineering, development operations, network engineering, data management, and cloud environments (PaaS)
- Demonstrated experience transforming IT infrastructure and moving organizations towards a mature cloud-based service delivery model; experience with on-premises to cloud migrations or IT transformations.
- Experience with Azure cloud architecture, cloud strategy, networking, security, and compliance workload types
- Advanced experience with Software Engineering (SDLC) and architecture initiatives delivering in the cloud, and demonstrated experience implementing IaC (Infrastructure as Code).
- Effectively communicate with internal and external customers to capture current data management requirements and objectives from different stakeholders that define their needs.
- Proficient understanding of networking, e.g., IP subnetting, Network Security Groups, routing, Azure Firewall, Azure Front Door, ExpressRoute, load balancers, DNS
- Deep understanding of configuring and maintaining Azure Policies to secure applications and information.
- Strong familiarity with cloud capabilities, products, and services for Azure, e.g., Azure Active Directory, Privileged Identity Management, VMs, Container Registry, Azure Kubernetes Service (AKS), Data Services, Key Vault.
- Strong familiarity with cloud-native tools in Azure, e.g., Azure Monitor, Log Analytics, Azure Security Center, and Azure Sentinel.
- Strong skills in scripting and automation, Infrastructure-as-Code (IaC), and using CI/CD concepts.
- Experience with pipeline tooling for automated deployments and applying security controls.
- Experience with Azure DevOps Pipelines is preferred, but also with other tools like Jenkins and CodeBuild.
- Experience with configuration management, desired-state automation, and compliance tools such as Ansible, InSpec, Terraform, Azure Policy, and Puppet to configure, monitor, and automatically enforce security controls where needed.
- Proven ability to partner with client stakeholders from various parts of an organization.
- Ability to handle multiple tasks and workstreams in a fast-paced environment.
- Must be eligible to work in the US without sponsorship.
- Computer science or Engineering degree preferred
At minimum, one of the following certifications is required:
- Azure Solutions Architect Expert, Azure Security Engineer Associate, Azure Administrator Associate, Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK), GIAC Cloud Security Essentials (GCLD), GIAC Cloud Security Automation (GCSA), GIAC Public Cloud Security (GPCS), or equivalent certification