Senior Azure Security Engineer (55727)

Applied Technical Services, LLC (“ATS” or the “Company”) is a leading provider of critical testing, inspection, certification, and compliance services. The Company serves clients across a diverse set of large and stable end markets including manufacturing, power generation, aerospace, medical, and defense. ATS was founded in 1967 and is headquartered in Marietta, GA. Today the Company employs nearly 2,100 team members in over 95 locations across the United States.

Our purpose is to create a safe and reliable world and our mission is to deliver assurance through precise technical and professional services.

The Senior Azure Security Engineer (Architect) is a member of the Abel Solutions team, an ATS subsidiary, and is responsible for the design, deployment, security, and operation of mission critical Azure Government and Microsoft 365 GCC High environments in support of clients handling CUI and aligning to CMMC and NIST 800-171. The role blends deep technical security expertise with consulting delivery, guiding clients from requirements discovery through architecture, implementation, operational readiness, and transition into managed compliance. This position requires strong ownership, communication, documentation discipline, and the ability to lead architecture decisions in regulated cloud environments.

Responsibilities:

• Lead end to end Azure Government and GCC High engagements from discovery through production handoff
• Facilitate workshops covering compliance scope, CUI boundaries, security posture, and target architecture
• Design and implement secure cloud environments using Zero Trust and defense in depth concepts
• Build and harden Azure Government landing zones, networks, identity, compute, AVD, and operational controls
• Execute architecture decisions across identity, network security, workloads, endpoint security, monitoring, and data protection
• Implement Conditional Access, MFA, PIM, RBAC, and secure privileged administration patterns
• Configure Azure Firewall, NSGs, private endpoints, routing, DNS, and segmentation
• Build secure baselines, reusable templates, reference architectures, and automation components
• Implement monitoring, log analytics, Sentinel detections, incident workflows, and operational readiness
• Support secure collaboration, DLP, retention, and other M365 GCC High security capabilities when applicable
• Provide ongoing managed compliance support including configuration monitoring, patching, vulnerability management, alert handling, and incident response
• Participate in on call rotation for after hours incident handling
• Perform backup validation, DR planning, periodic testing, and quarterly security reviews
• Prepare compliance evidence and documentation aligned with CMMC and NIST 800-171 requirements
• Maintain diagrams, SOPs, runbooks, operational documentation, and client ready reporting artifacts
• Stay current on Azure Government and GCC High capabilities and contribute to internal standards and service improvements
• Support internal initiatives, knowledge sharing, and collaboration across practices
• Build strong client relationships and maintain clear communication with leadership and technical teams

Required Experience and Skills:

• 7 plus years in infrastructure or security engineering with hands on Azure experience
• 3 plus years designing and deploying secure Azure environments in production
• 2 plus years operating security controls such as SIEM, endpoint protection, vulnerability management, and incident response
• At least one full GCC High or Azure Government implementation from design through go live
• Azure architecture, networking, and security hardening proficiency
• Experience with Azure Policy, RBAC, management groups, and resource organization
• Strong knowledge of private networking patterns including Private Link, private endpoints, DNS, and firewalling
• Experience with Terraform, Bicep, ARM, and automation pipelines
• PowerShell or CLI scripting capability
• Entra ID security features including Conditional Access, MFA, and PIM
• Familiarity with Microsoft Defender for Endpoint, baseline hardening, and endpoint security concepts
• Experience with Microsoft Sentinel including log ingestion, analytics rules, and workflow design
• Monitoring, alerting, incident response support, and operational runbook driven processes
• Experience with ITSM platforms such as ServiceNow, ConnectWise, or Jira Service Management
• Strong analytical, communication, and consulting skills with ability to translate compliance requirements into technical patterns
• Ability to manage multiple priorities and collaborate across teams in a fast paced environment
• Ability to work independently with minimal supervision

Additional requirements:

• Bachelor’s degree in Computer Science, MIS, Cybersecurity, or equivalent experience
• Microsoft Certified Azure Security Engineer Associate (AZ-500) required
• Preferred certifications include SC-100, SC-200, CISSP, CCSP, Security Plus, or CASP Plus
• U.S. Person status required due to ITAR and EAR export control regulations
• Experience with GCC High, Azure Government, AVD in regulated environments, CMMC readiness, Sentinel deployment, and policy as code strongly preferred
• Consulting experience preferred
• MSP or managed compliance experience preferred

Work Conditions:

• Primary work location is Marietta, GA or remote
• Participation in an on call rotation for critical incident response
• Work may involve regulated data requiring strict security controls
• Collaboration with cross functional teams and direct client engagement is expected

EOE/AA/M/F/Vet/Disability

ATS is an equal opportunity employer where employment is based upon personal capabilities and qualifications without discrimination due to race, color, religion, gender, age, national origin, disability, veteran status, or any other protected characteristic as established by law.

U.S. Persons” Only:  A requirement of this position is access to information that is subject to U.S. export controls under the U.S. International Traffic in Arms Regulations (“ITAR”).  Accordingly, the company will consider only “U.S. Persons” for this position.  A “U.S. Person” includes (a) U.S. citizens or nationals; (b) U.S. lawful permanent residents (i.e., “green card” holders); (c) persons granted refugee status; or (d) persons granted asylum in the United States.  This information is collected solely for purposes of complying with U.S. export control requirements and will not be used to unlawfully discriminate in the hiring process

Salary : $145,000 - $175,000