Senior Cloud & Security Engineer
Job description
- Play a critical role in advancing Navvis' cloud-first security strategy, enabling secure adoption of Azure platforms, modern identity services, and enterprise-grade security monitoring.
- Ensure that security architecture defined at the enterprise level is successfully translated into operational, scalable, and resilient solutions that protect Navvis' systems, data, and users while supporting business growth and regulatory requirements.
A Day in the Life:
Security Monitoring & Detection
- Lead configuration, tuning, and ongoing optimization of the Microsoft Sentinel SIEM platform.
- Develop and maintain analytics and detection rules, automated response playbooks, security workflows, and alerting logic.
- Integrate telemetry from cloud, endpoint, identity, and network sources into Sentinel.
- Partner closely with Navvis' SOC provider to enhance detection coverage, alert quality, and response effectiveness.
Endpoint Security & Device Management
- Engineer and manage enterprise endpoint security and device management capabilities, including Microsoft Intune, CrowdStrike Falcon, and Microsoft Defender for Endpoint.
- Design and maintain device compliance, configuration, and security baselines across Windows, macOS, iOS, and Android platforms.
- Implement and manage device enrollment strategies, compliance policies, configuration profiles, and application protection policies (MAM).
- Ensure endpoint security controls align with Zero Trust and identity-driven access models.
- Support investigation, containment, and remediation of endpoint-based security threats.
Identity & Access Security
- Design and manage identity security solutions within Microsoft Entra ID, including Conditional Access policies, Identity Protection, Privileged Identity Management (PIM), and identity lifecycle and access governance.
- Integrate Intune device compliance and health signals with Conditional Access policies to enforce Zero Trust access decisions.
- Implement and support a Zero Trust identity architecture across the enterprise.
Security Automation & Integration
- Develop security automation using Azure Logic Apps, Microsoft Sentinel Playbooks, PowerShell, and Microsoft Graph APIs.
- Integrate security platforms with incident management, ticketing, and operational tooling to streamline response and reporting.
Architecture Support & Technical Leadership
- Serve as the technical lead for cloud security engineering initiatives and implementations.
- Partner with the Principal Enterprise Architect - Cloud & Security to translate architectural strategy into operational deployment.
- Provide design input and engineering leadership for Azure Landing Zones, secure network architectures, and enterprise security monitoring frameworks.
- Act as the backup authority for cloud and security architecture decisions when the principal architect is unavailable.
Governance, Risk & Compliance
- Support enterprise compliance initiatives, including SOC 2, HITRUST, HIPAA, and related frameworks.
- Assist with security control implementation, documentation, and audit evidence collection.
- Participate in risk assessments, security design reviews, and third-party vendor and technology evaluations.
Incident Response & Threat Management
- Support enterprise incident response processes for cloud, identity, and endpoint security events.
- Investigate security alerts in collaboration with SOC analysts and infrastructure teams.
- Develop and maintain incident response runbooks and security playbooks.
Requirements
- Bachelor's degree in Computer Science, Information Technology, or a related field, or 10+ years of subject matter experience.
- 7+ years of experience in cloud infrastructure or cybersecurity engineering
- 3+ years of hands-on experience securing Azure cloud environments
- Practical experience with SIEM platforms (Microsoft Sentinel preferred)
- Experience managing endpoint security platforms such as CrowdStrike or Microsoft Defender
- Strong experience with identity security and Microsoft Entra ID
We are excited about you if you have these things:
- Azure security architecture and networking
- Microsoft Sentinel SIEM
- Microsoft Entra ID identity and access security
- Microsoft Intune (Endpoint Manager) device and application management
- Endpoint Detection and Response (CrowdStrike / Microsoft Defender)
- PowerShell and security automation scripting
- Security monitoring, threat detection, and incident response
- Ability to translate security architecture into practical, operational engineering solutions
- Strong analytical, troubleshooting, and problem-solving skills
- Excellent documentation and communication abilities
- Proven experience collaborating with architecture, infrastructure, and SOC teams
Benefits & conditions
401(k), Health insurance, Paid time off, Vision insurance, Dental insurance
Navvis is committed to attracting the most insightful and motivated talent by providing a candidate and onboarding experience that you won't find elsewhere! We foster an environment and culture that allow people to be creative, feel connected and be inspired to do their best work no matter where they are on the map. For all colleagues at Navvis, we strive to ensure that they have everything needed to be successful. From the basics like a competitive total rewards strategy, volunteering and social engagement activities to creating company experiences that challenge you to think differently and do different things as part of our never stop learning ecosystem, we support the whole person when you become a team member at Navvis.
Navvis offers a competitive benefits package including, but not limited to, medical, dental, vision, 401K with a safe harbor contribution and Paid Time Off plan starting at 2+ weeks.