# Security Engineer - Azure Government

**Company:** [xAI](https://hotfix.jobs/companies/xai)
**Location:** Palo Alto, CA, Washington, DC
**Role:** Security Engineering
**Salary:** $180k – $440k/yr
**Experience:** 3+ years
**Skills:** Azure Security, Microsoft Defender For Cloud, Microsoft Sentinel, Microsoft Entra Id, Azure Key Vault, Azure Policy, Azure Firewall, PowerShell, Terraform, Kubernetes, Intune, Microsoft Purview, Kql, DevSecOps, FedRAMP
**Posted:** 2026-03-06

> Designs, implements, and maintains security controls in Azure Gov Cloud, focusing on threat detection, identity management, network security, and compliance with FedRAMP/CMMC. Requires 3+ years cloud security experience, Azure expertise, US security clearance eligibility, and scripting proficiency.

## Job Description

## Key Responsibilities
- Implement, design, and manage security architecture for Azure Government and Commercial deployments (with considerations for DoD IL5/IL6 and FedRAMP High controls)
- Configure and optimize **Microsoft Defender for Cloud**, **Microsoft Sentinel**, **Microsoft Defender for Endpoint**, and related services for threat detection, vulnerability management, and automated response
- Design and enforce identity & access management using **Microsoft Entra ID**, **Privileged Identity Management (PIM)**, Conditional Access policies, RBAC, and just-in-time access
- Secure network architectures with **Azure Firewall**, **Network Security Groups (NSGs)**, DDoS Protection, **Web Application Firewall (WAF)**, **Network Watcher**, and private endpoints
- Protect data at rest and in transit via **Azure Key Vault**, encryption strategies, data classification, and information protection controls
- Develop and maintain security policies, initiatives, and blueprints using **Azure Policy** and **Microsoft Purview** for compliance (NIST, FedRAMP, CMMC, STIGs, etc.)
- Perform threat hunting, incident response, and forensics using Sentinel playbooks, **Log Analytics**, and **KQL queries**
- Conduct security reviews of Infrastructure as Code (IaC), containers, **Kubernetes (AKS)**, and serverless workloads
- Collaborate with developers and architects to implement **DevSecOps** practices, including secure CI/CD pipelines, code scanning, and secure defaults
- Monitor and remediate security findings, reduce attack surface, and improve overall security posture per the **Microsoft Cloud Security Benchmark (MCSB)**
- Deploy configurations and compliance policies to **Azure AVD** endpoints using **Intune** and other Azure native services

## Required Qualifications
- Active U.S. security clearance (e.g., Secret, Top Secret) or eligibility to obtain one
- **3+ years** of experience in cloud security, cybersecurity engineering, or related roles (with strong Azure focus)
- Deep hands-on expertise with core Azure security services: **Microsoft Defender suite**, **Sentinel**, **Intune**, **Entra ID**, **Key Vault**, **Azure Policy**, **Firewall**, **Network Watcher**, and **Purview**
- Strong understanding of DLP implementation both in cloud and on endpoints utilizing Purview and other Microsoft native controls
- Experience implementing security in hybrid/multi-cloud environments
- Proficiency in scripting/automation (**PowerShell**, **Azure CLI**, **Bicep/ARM templates**, **Terraform**)
- Strong understanding of identity federation, zero-trust principles, encryption, network security, and vulnerability management
- Familiarity with compliance frameworks (NIST, FedRAMP, CMMC, STIGs, etc.) and regulatory requirements
- Excellent problem-solving, analytical, and communication skills

## Preferred Qualifications
- **Microsoft Certified: Azure Security Engineer Associate (AZ-500)**, **Microsoft Cybersecurity Architect (SC-100)**
- Additional relevant certifications (e.g., **CISSP**, **CCSP**, **Microsoft Certified: Azure Administrator**, **AWS Security Specialty**, **SANS GCPS**, **SANS GCAD**)
- Deep experience with detection and response engineering and SOC operations
- Knowledge of container security (**Docker**, **AKS**), secure DevOps, or AI/ML workload protection
- Prior experience in government regulations frameworks such as FedRAMP and CMMC

## Compensation & Benefits
**Annual Salary Range: $180,000 - $440,000 USD**

Base salary is just one part of total rewards package, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

## Similar roles

- [Network Security Engineer](https://hotfix.jobs/jobs/e7a9e818-ec25-409d-a1d9-0de7d952564d) - Lightning AI - San Francisco, CA - $180k – $220k/yr
- [Product Security Engineer (PSIRT - Product Security Incident Response Team)](https://hotfix.jobs/jobs/4a459143-2760-42fb-8536-f8b48519d936) - Replit - Foster City, CA - $180k – $325k/yr
- [Security Engineer, Infrastructure Security](https://hotfix.jobs/jobs/07228b27-48b3-41af-8e9a-208076e63fac) - OpenAI - Remote - $184k – $385k/yr
- [Software Engineer, Infrastructure Security](https://hotfix.jobs/jobs/afa352ff-09e0-4e37-8fa3-ab06fe7448dc) - OpenAI - Remote - $184k – $385k/yr
- [Security Engineer, Privacy](https://hotfix.jobs/jobs/21a248c5-bba3-4587-adc6-041fbbed1e1a) - Ramp - New York, NY - $185k – $375k/yr

**Apply:** https://hotfix.jobs/jobs/77997ce4-7f3e-4114-90ae-2b590d6da619
**Canonical:** https://hotfix.jobs/jobs/77997ce4-7f3e-4114-90ae-2b590d6da619