Key Responsibilities
- Implement, design, and manage security architecture for Azure Government and Commercial deployments (with considerations for DoD IL5/IL6 and FedRAMP High controls)
- Configure and optimize Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Defender for Endpoint, and related services for threat detection, vulnerability management, and automated response
- Design and enforce identity & access management using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policies, RBAC, and just-in-time access
- Secure network architectures with Azure Firewall, Network Security Groups (NSGs), DDoS Protection, Web Application Firewall (WAF), Network Watcher, and private endpoints
- Protect data at rest and in transit via Azure Key Vault, encryption strategies, data classification, and information protection controls
- Develop and maintain security policies, initiatives, and blueprints using Azure Policy and Microsoft Purview for compliance (NIST, FedRAMP, CMMC, STIGs, etc.)
- Perform threat hunting, incident response, and forensics using Sentinel playbooks, Log Analytics, and KQL queries
- Conduct security reviews of Infrastructure as Code (IaC), containers, Kubernetes (AKS), and serverless workloads
- Collaborate with developers and architects to implement DevSecOps practices, including secure CI/CD pipelines, code scanning, and secure defaults
- Monitor and remediate security findings, reduce attack surface, and improve overall security posture per the Microsoft Cloud Security Benchmark (MCSB)
- Deploy configurations and compliance policies to Azure AVD endpoints using Intune and other Azure native services
Required Qualifications
- Active U.S. security clearance (e.g., Secret, Top Secret) or eligibility to obtain one
- 3+ years of experience in cloud security, cybersecurity engineering, or related roles (with strong Azure focus)
- Deep hands-on expertise with core Azure security services: Microsoft Defender suite, Sentinel, Intune, Entra ID, Key Vault, Azure Policy, Firewall, Network Watcher, and Purview
- Strong understanding of DLP implementation both in cloud and on endpoints utilizing Purview and other Microsoft native controls
- Experience implementing security in hybrid/multi-cloud environments
- Proficiency in scripting/automation (PowerShell, Azure CLI, Bicep/ARM templates, Terraform)
- Strong understanding of identity federation, zero-trust principles, encryption, network security, and vulnerability management
- Familiarity with compliance frameworks (NIST, FedRAMP, CMMC, STIGs, etc.) and regulatory requirements
- Excellent problem-solving, analytical, and communication skills
Preferred Qualifications
- Microsoft Certified: Azure Security Engineer Associate (AZ-500), Microsoft Cybersecurity Architect (SC-100)
- Additional relevant certifications (e.g., CISSP, CCSP, Microsoft Certified: Azure Administrator, AWS Security Specialty, SANS GCPS, SANS GCAD)
- Deep experience with detection and response engineering and SOC operations
- Knowledge of container security (Docker, AKS), secure DevOps, or AI/ML workload protection
- Prior experience in government regulations frameworks such as FedRAMP and CMMC
Compensation & Benefits
Annual Salary Range: $180,000 - $440,000 USD
Base salary is just one part of total rewards package, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.