Cloud Security Engineer

Amazon.com, Inc.
Denver, United States of America
6 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 135K

Job location

Remote
Denver, United States of America

Tech stack

Kubernetes Security
Azure
Bash
Microsoft Online Services
Cloud Computing
Cloud Computing Security
Cloud Engineering
Identity and Access Management
Intrusion Detection and Prevention
Python
Key Management
Log Analysis
Powershell
Kusto Query Language
Security Information and Event Management
Software Vulnerability Management
Policy as Code
Data Logging
Microsoft Power Automate
Cloud Monitoring
Mitre Att&ck
HybridCloud
Infrastructure Automation Frameworks
Bicep
Microsoft Sentinel
Terraform
Serverless Computing
Security Orchestration, Automation & Response
Key Vault

Job description

We are seeking an experienced Azure Cloud Security Engineer to support the design, implementation, and optimization of enterprise cloud security controls across Microsoft Azure. The ideal candidate will have strong expertise in Azure security services, cloud governance, CSPM, identity and access management, infrastructure-as-code (IaC), and cloud-native security tooling. This role involves implementing security guardrails, performing security assessments, automating compliance, and collaborating with platform and security teams to strengthen the organization's cloud security posture. Key Responsibilities

  • Design and implement Azure landing zone security controls, including identity, networking, VNets, NSGs, and private endpoints.
  • Configure, deploy, and optimize Microsoft Sentinel, Microsoft Defender XDR, Defender for Cloud, and Defender for Cloud Apps (CASB).
  • Perform Cloud Security Posture Management (CSPM) assessments against CIS Azure Foundations Benchmark and Microsoft Cloud Security Benchmark (MCSB), and recommend remediation plans.
  • Build and manage Azure Policy initiatives, policy-as-code, and automated remediation to enforce governance and reduce configuration drift.
  • Implement encryption, key management, and certificate governance using Azure Key Vault.
  • Configure Azure Monitor, Log Analytics, telemetry, alerting, and SIEM integrations.
  • Secure Azure services including AKS, Container Apps, Azure Functions, Logic Apps, and Azure Container Instances.
  • Conduct cloud architecture security reviews and threat modeling.
  • Develop Infrastructure-as-Code (Terraform, Bicep, ARM) security guardrails and vulnerability management workflows.
  • Support cloud security incident investigation and containment activities.
  • Create documentation, operational runbooks, standards, and knowledge transfer materials.

Requirements

  • 4-7 years of hands-on experience in Azure Cloud Security Engineering.
  • Strong experience with Microsoft Azure security services, including Defender for Cloud, Microsoft Sentinel, Defender XDR, and Defender for Cloud Apps (CASB).
  • Experience implementing Azure Policy, governance frameworks, and Infrastructure-as-Code (Terraform, Bicep, or ARM).
  • Experience performing CSPM assessments using CIS Azure Foundations Benchmark and Microsoft Cloud Security Benchmark (MCSB).
  • Strong knowledge of Azure IAM, networking, encryption, Key Vault, and cloud-native security best practices.
  • Experience securing hybrid cloud environments.
  • Proficiency in scripting and automation using PowerShell, Python, Bash, KQL, or similar technologies.

Preferred Qualifications

  • Experience with container and Kubernetes security (AKS).
  • Knowledge of MITRE ATT&CK framework and cloud detection engineering.
  • Experience with cloud monitoring, logging, and security automation.
  • Strong documentation and technical communication skills.

Certifications

  • Required: Microsoft Certified Azure Security Engineer Associate (AZ-500)
  • Preferred: CCSP or equivalent cloud security certification

Apply for this position