Cloud Security Engineer
Role details
Job location
Tech stack
Job description
- Support implementation and operationalization of NIST SP 800-53 controls in Azure Public Cloud.
- Translate NIST SP 800-53 and RMF requirements into Azure-native configurations, guardrails, and engineering backlog items.
- Provide technical security guidance to Cloud Engineering, DevOps, Infrastructure, and Cyber teams to ensure compliant architectures and deployments.
- Implement and validate controls for Microsoft Entra ID including RBAC, PIM, Conditional Access, and identity governance.
- Implement and validate Azure Policy and governance initiatives.
- Implement and validate network security including NSGs, Azure Firewall, Private Endpoints, and segmentation.
- Implement and validate encryption and key management using Key Vault, CMK, and TLS.
- Implement and validate logging, monitoring, and SIEM integrations.
- Leverage and configure Microsoft Defender for Cloud, Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, and Microsoft Sentinel.
- Contribute to SSP updates, control narratives, evidence collection, and POA&M tracking.
- Perform control gap assessments and support remediation execution.
- Support independent assessments and ongoing continuous monitoring activities.
Requirements
- 5+ years in security engineering with strong Azure Public Cloud security experience.
- Direct experience supporting regulated high- or moderate-baseline cloud environments.
- Deep working knowledge of NIST SP 800-53 and RMF.
- Strong expertise across Microsoft security controls and the Microsoft Defender ecosystem.
- Experience supporting audit readiness and ATO lifecycle processes.
- Azure Security Engineer Associate (AZ-500) or equivalent (preferred).
- CISSP, CCSP, CAP, or similar certification (preferred).
- Experience automating compliance using Azure Policy, ARM/Bicep, or Terraform (preferred).
- Familiarity with Zero Trust architecture in Microsoft environments (preferred)., * Azure Security Engineer Associate (AZ-500) (certification).
- CISSP (certification).
- CCSP (certification).
- CAP (certification).
Benefits & conditions
Our client seeks a Cloud Security Engineer focused on Azure to implement and operationalize NIST SP 800-53 controls across regulated cloud environments. The role will translate RMF requirements into Azure-native guardrails and configurations while guiding cross-functional teams. You will leverage Microsoft Defender solutions and Sentinel to validate controls, support audit readiness, and enable continuous monitoring. The position requires deep Azure security expertise and hands-on implementation skills.
Due to client requirements, applicants must be willing and able to work on a w2 basis. For our w2 consultants, we offer a great benefits package that includes Medical, Dental, and Vision benefits, 401k with company matching, and life insurance.
Rate: $84.00 to $94.00/hr. w2, Skills, experience, and other compensable factors will be considered when determining pay rate. The pay range provided in this posting reflects a W2 hourly rate; other employment options may be available that may result in pay outside of the provided range.
W2 employees of Eliassen Group who are regularly scheduled to work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), dental, vision, pre-tax accounts, other voluntary benefits including life and disability insurance, 401(k) with match, and sick time if required by law in the worked-in state/locality. If anyone reaches out to you about an open position connected with Eliassen Group, please ensure that you are working directly with us by confirming the following:
When you work with Eliassen Group, all email communication will come from an Eliassen.com address, never Gmail, Yahoo, etc.
