TechGeo 🔔 Track jobs on Gurify
TechGeo / Security / Cloud Security Engineer

Cloud Security Engineer

Posted Jul 09, 2026 19h ago

Job description

Cloud Security Engineer who lives and breathes Azure security. Someone who can tune Defender for Cloud, enforce guardrails with policy-as-code, and build real detections in Sentinel, not just check compliance boxes. If you're deep in Entra ID, Terraform, and KQL and want to bring security into the engineering conversation early, this one's worth a look. What You'll Be Doing ✅ Operate and tune Microsoft Defender for Cloud (CSPM/CNAPP) across Azure subscriptions, remediating misconfigurations and excessive access ✅ Enforce preventative guardrails with Azure Policy and benchmark against CIS Benchmarks and NIST CSF ✅ Apply least-privilege access in Microsoft Entra ID using Azure RBAC, PIM, and Conditional Access, plus periodic access reviews ✅ Use Microsoft Purview and Defender for Cloud DSPM to classify and protect sensitive cloud data ✅ Embed security into Terraform and GitHub Actions pipelines; IaC scanning, policy-as-code, secrets management ✅ Support threat modeling and secure design reviews for new and changing cloud workloads ✅ Engineer Sentinel data ingestion (connectors, Data Collection Rules/Endpoints) and build detections ✅ Integrate Defender for Cloud and Defender XDR signals into Sentinel for unified detection and response What You Bring 📊 3+ years in cloud security or cloud engineering, with hands-on Azure security experience Core Azure Security ✅ Microsoft Defender for Cloud, Azure Policy, Microsoft Entra ID (RBAC, PIM, Conditional Access) ✅ CSPM/CNAPP experience — finding and fixing misconfigurations and excessive access DevSecOps & Automation ✅ Terraform (IaC) and CI/CD security in GitHub Actions ✅ Scripting/automation in Python, PowerShell, and KQL (GenAI-assisted scripting welcomed) Detection & Monitoring ✅ Microsoft Sentinel, Log Analytics ingestion (connectors, DCR/DCE) ✅ Security architecture, design review, and threat modeling; working knowledge of NIST CSF and CIS Benchmarks Preferred Certifications 🏅 AZ-500, SC-100, or a relevant GIAC credential (GCSA, GCDA, or GCFR) Nice to Have ➕ Hands-on AWS security (Azure-primary role) ➕ GitHub Advanced Security (GHAS); container/Kubernetes (AKS) security ➕ Secrets and key management (Azure Key Vault)