Skip to content
xAIxAIPalo Alto, CA

Security Engineer - Azure Government

Designs, implements, and maintains security controls in Azure Gov Cloud, focusing on threat detection, identity management, network security, and compliance with FedRAMP/CMMC. Requires 3+ years cloud security experience, Azure expertise, US security clearance eligibility, and scripting proficiency.

180k – 440k/yr
Hybrid3+ YOESecurity Engineering

About the role

Key Responsibilities

  • Implement, design, and manage security architecture for Azure Government and Commercial deployments (with considerations for DoD IL5/IL6 and FedRAMP High controls)
  • Configure and optimize Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Defender for Endpoint, and related services for threat detection, vulnerability management, and automated response
  • Design and enforce identity & access management using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policies, RBAC, and just-in-time access
  • Secure network architectures with Azure Firewall, Network Security Groups (NSGs), DDoS Protection, Web Application Firewall (WAF), Network Watcher, and private endpoints
  • Protect data at rest and in transit via Azure Key Vault, encryption strategies, data classification, and information protection controls
  • Develop and maintain security policies, initiatives, and blueprints using Azure Policy and Microsoft Purview for compliance (NIST, FedRAMP, CMMC, STIGs, etc.)
  • Perform threat hunting, incident response, and forensics using Sentinel playbooks, Log Analytics, and KQL queries
  • Conduct security reviews of Infrastructure as Code (IaC), containers, Kubernetes (AKS), and serverless workloads
  • Collaborate with developers and architects to implement DevSecOps practices, including secure CI/CD pipelines, code scanning, and secure defaults
  • Monitor and remediate security findings, reduce attack surface, and improve overall security posture per the Microsoft Cloud Security Benchmark (MCSB)
  • Deploy configurations and compliance policies to Azure AVD endpoints using Intune and other Azure native services

Required Qualifications

  • Active U.S. security clearance (e.g., Secret, Top Secret) or eligibility to obtain one
  • 3+ years of experience in cloud security, cybersecurity engineering, or related roles (with strong Azure focus)
  • Deep hands-on expertise with core Azure security services: Microsoft Defender suite, Sentinel, Intune, Entra ID, Key Vault, Azure Policy, Firewall, Network Watcher, and Purview
  • Strong understanding of DLP implementation both in cloud and on endpoints utilizing Purview and other Microsoft native controls
  • Experience implementing security in hybrid/multi-cloud environments
  • Proficiency in scripting/automation (PowerShell, Azure CLI, Bicep/ARM templates, Terraform)
  • Strong understanding of identity federation, zero-trust principles, encryption, network security, and vulnerability management
  • Familiarity with compliance frameworks (NIST, FedRAMP, CMMC, STIGs, etc.) and regulatory requirements
  • Excellent problem-solving, analytical, and communication skills

Preferred Qualifications

  • Microsoft Certified: Azure Security Engineer Associate (AZ-500), Microsoft Cybersecurity Architect (SC-100)
  • Additional relevant certifications (e.g., CISSP, CCSP, Microsoft Certified: Azure Administrator, AWS Security Specialty, SANS GCPS, SANS GCAD)
  • Deep experience with detection and response engineering and SOC operations
  • Knowledge of container security (Docker, AKS), secure DevOps, or AI/ML workload protection
  • Prior experience in government regulations frameworks such as FedRAMP and CMMC

Compensation & Benefits

Annual Salary Range: $180,000 - $440,000 USD

Base salary is just one part of total rewards package, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

Skills

Azure SecurityMicrosoft Defender For CloudMicrosoft SentinelMicrosoft Entra IdAzure Key VaultAzure PolicyAzure FirewallPowerShellTerraformKubernetesIntuneMicrosoft PurviewKqlDevSecOpsFedRAMP
Lightning AI

Network Security Engineer

Lightning AISan Francisco, CA +1

Designs and implements network security architectures using firewalls, VPNs, and IDS/IPS. Conducts vulnerability assessments, monitors threats with SIEM tools, ensures compliance, and automates security responses. Requires expertise in security tools and certifications like CISSP.

180k – 220k/yr
HybridSecurity Engineering
Replit

Product Security Engineer (PSIRT - Product Security Incident Response Team)

ReplitFoster City, CA

Leads vulnerability response for cloud-native AI platform, managing intake, triage, validation, remediation coordination, and bug bounty programs. Requires expertise in reproducing web/app/cloud vulnerabilities and operating disclosure processes.

180k – 325k/yr
HybridSecurity Engineering
OpenAI

Security Engineer, Infrastructure Security

OpenAISan Francisco, CA +3

Designs and builds security controls for infrastructure including GPU clusters, multi-cloud setups, datacenters, Kubernetes, and networks to protect AI models and data from advanced threats. Requires deep security expertise, cloud platform knowledge, and proactive problem-solving across on-prem and cloud environments.

184k – 385k/yr
RemoteSecurity Engineering
OpenAI

Software Engineer, Infrastructure Security

OpenAISan Francisco, CA +2

Designs and builds production-grade security services like auth systems, proxies, and key management for OpenAI's GPU clusters, multi-cloud infrastructure, and AI workloads. Requires strong software engineering in Python/Go/Rust, experience with critical security infra, and cloud security expertise.

184k – 385k/yr
RemoteSecurity Engineering
Ramp

Security Engineer, Privacy

RampNew York, NY +1

Build privacy-focused primitives, integrate into products, partner on secure designs, and manage data retention/anonymization while tracking legal standards. Requires 4+ years software experience, 2+ years in privacy/security.

185k – 375k/yr
Hybrid4+ YOESecurity Engineering