Senior Azure Cloud Security Engineer

Venture Global LNG (“Venture Global”) is a long-term, low-cost provider of American-produced liquefied natural gas. The company’s two Louisiana-based export projects service the global demand for North American natural gas and support the long-term development of clean and reliable North American energy supplies. Using reliable, proven technology in an innovative plant design configuration, Venture Global’s modular, mid-scale plant design will replace traditional designs as it allows for the same efficiency and operational reliability at significantly lower capital cost.
As a Senior Azure Cloud Security Engineer, you will be the primary architect and administrator for our cloud security posture. You will lead the implementation of a Zero Trust architecture, focusing on identity governance, modern endpoint management, and data protection. This role requires expert-level, hands-on experience in the Microsoft security ecosystem coupled with deep proficiency in best-of-breed third-party tools like CrowdStrike, Splunk, and Tenable.
Responsibilities

• Design and maintain complex conditional access policies incorporating device compliance, location, and risk-based signals.
• Implement Privileged Identity Management (PIM) to enforce just-in-time (JIT) and just-enough-administration (JEA) for high-impact roles.
• Conduct regular access reviews and manage identity lifecycles for employees, contractors, guests, and service accounts.
• Configure MDM and MAM policies, including device enrollment restrictions, compliance baselines, and configuration profiles for Windows, macOS, iOS, and Android.
• Oversee patching deployments and automate OS/Application patching cycles to maintain a low vulnerability footprint.
• Build and tune sensitivity labels for automatic data classification across SharePoint, Teams, and Exchange.
• Develop Data Loss Prevention (DLP) policies to prevent unauthorized data exfiltration.
• Manage the full suite (Endpoint, Office 365, Identity, and Cloud) to investigate and remediate sophisticated threats.
• Administer CrowdStrike Falcon for advanced EDR/Next-Gen AV and integrate findings into the broader security operations.
• Oversee the ingestion of Azure and M365 logs into Splunk for centralized monitoring, creating custom alerts and dashboards for the SOC.
• Utilize Tenable Vulnerability Management to perform continuous scanning, prioritize remediation based on business risk, and track the organization's exposure score.
• Harden email security through anti-phishing, anti-impersonation, and safe links/attachments policies.

Qualifications

- Deep knowledge and hands on experience in core components of the Microsoft security and management ecosystem designed for a Zero Trust Approach. Specifically on Azure Entra, Intune and Purview (DLP, eDiscovery, Information Protection, Insider Risk Management) and Azure Conditional Access Policies for automated guardrails.
- Advanced proficiency in PowerShell or Python for automating security tasks and incident response playbooks.
- Expertise in using Proofpoint Targeted Attack Protection (TAP) and Threat Response Auto-Pull (TRAP) to stop phishing and malware.
- Managing the full user lifecycle (joiner, mover, leaver) and automating provisioning/deprovisioning using SailPoint.
- Prior experience with JAMF Pro and JAMF Protect for securing Apple endpoints within an enterprise Azure environment.
- Bachelor's degree or equivalent experience in Cybersecurity, Computer Science, or Information Systems.
- 7 or more years of professional experience relevant experience supporting enterprise cloud and/or infrastructure environments.
- Certifications
: Microsoft Certified Azure Security Engineer Associate (AZ-500) (Preferred).
- SC-100 (Cybersecurity Architect) or CISSP (Highly Preferred).

*Venture Global LNG is an Equal Opportunity Employer. We do not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law.*