Cloud Security Engineer

Job Title: Azure Cloud Security Engineer

Duration: 12+ Months (Possible extension)

Location: New York, NY 10286

Onsite Role (4 days a week)

Responsibilities:

• This role requires strong Azure technical depth, comprehensive knowledge of Microsoft security controls, and the ability to both execute hands-on security configurations and guide cross-functional teams in operationalizing compliance.
• Seeking a skilled Security Engineer – Azure Public Cloud Role Overview Hands-on Security Engineer supporting the operationalization of NIST SP 800-53 controls within an Azure Public Cloud environment.
• Responsible for implementing and validating NIST SP 800-53 controls while guiding Cloud Engineering and Cybersecurity teams to ensure secure, complaint, and audit-ready deployments aligned to ATO and continuous monitoring requirements.
• Must have deep knowledge of Microsoft security capabilities, including the full Defender suite.
• Support implementation and operationalization of NIST SP 800-53 controls in Azure Public Cloud.
• Translate NIST SP 800-53 and RMF requirements into Azure-native configurations, guardrails, and engineering backlog items.
• Provide technical security guidance to Cloud Engineering, DevOps, Infrastructure, and Cyber teams to ensure compliant architectures and deployments.
• Implement and validate controls across:
• Microsoft Entra ID (RBAC, PIM, Conditional Access, identity governance)
• Azure Policy and governance initiatives
• Network security (NSGs, Azure Firewall, Private Endpoints, segmentation)
• Encryption and key management (Key Vault, CMK, TLS)
• Logging, monitoring, and SIEM integrations.
• Leverage and configure Microsoft security solutions including: Microsoft Defender for Cloud, Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps, Microsoft Sentinel.
• Contribute to SSP updates, control narratives, evidence collection, and POA&M tracking.
• Perform control gap assessments and support remediation execution.
• Support independent assessments and ongoing continuous monitoring activities.

Education/Experience:

• 5+ years in security engineering with strong Azure Public Cloud security experience.
• Direct experience supporting regulated high- or moderate-baseline cloud environments.
• Deep working knowledge of NIST SP 800-53 and RMF.
• Strong expertise across Microsoft security controls and the Microsoft Defender ecosystem.
• Experience supporting audit readiness and ATO lifecycle processes.

Preferred:

• Azure Security Engineer Associate (AZ-500) or equivalent.
• CISSP, CCSP, CAP, or similar certification.
• Experience automating compliance using Azure Policy, ARM/Bicep, or Terraform.
• Familiarity with Zero Trust architecture in Microsoft environments.