Cloud Security Engineer

Job Title: Cloud Security Engineer

Location: Audubon, PA (Hybrid/Remote)

Duration: Contract

We are seeking a consultant available to work on a W2 basis, as this is a contract-to-hire opportunity.

Cloud Security Engineer

The Cloud Security Engineer will be responsible for designing, implementing, and managing security controls across Microsoft Azure and Microsoft 365 environments to support secure cloud operations and ensure compliance with enterprise policies and regulatory requirements. This role covers both Azure infrastructure and Microsoft 365 services, with a focus on threat protection, governance, and data security. While the primary focus is on Azure and Microsoft 365, experience with AWS cloud security is preferred and considered a strong asset.

Responsibilities:

• Design and implement secure Azure architectures using Infrastructure as Code (IaC) tools such as Terraform, ensuring consistent, compliant deployments across landing zones, hub-and-spoke networking, and shared services.

• Build and manage reusable IaC modules that incorporate Azure security best practices for resources such as VNETs, NSGs, Private Endpoints, Azure Bastion, and Key Vault.

• Implement and enforce security policies using Azure Policy and Role-Based Access Control (RBAC) to ensure consistent governance across Azure subscriptions and environments.

• Integrate and manage security solutions including Microsoft Defender for Cloud, Azure Monitor, and Security Center for threat detection, vulnerability management, and incident response.

• Implement strong identity and access controls using Azure Active Directory, including Conditional Access, Privileged Identity Management (PIM), Multi-Factor Authentication (MFA), and secure integration with hybrid/on-prem directories.

• Enhance security across Microsoft 365 services, focusing on:

• Securing Exchange Online, including anti-phishing, anti-malware, and safe links/attachments policies.

• Implementing and managing Data Loss Prevention (DLP) policies across Exchange Online, SharePoint, OneDrive, and Teams to prevent unauthorized data sharing.

• Managing Microsoft Purview for data governance, compliance, and sensitive data discovery.

• Configuring and tuning Microsoft Defender for Office 365 for advanced threat protection.

• Collaborate with cloud architects, compliance, and operational teams to develop and evolve security governance frameworks and standard operating procedures for secure cloud and SaaS adoption.

• Provide security guidance and risk assessments for Azure and Microsoft 365 solutions, ensuring alignment with enterprise policies and frameworks such as CIS Benchmarks, NIST, and ISO 27001.

Characteristics & Qualifications:

Required:

• Bachelor's degree in computer science, Information Systems, Cybersecurity, or equivalent work experience

• At least 2 years of experience implementing application workloads in public cloud environments, with a strong focus on secure deployment practices.

• At least 2 years of experience architecting solutions in public cloud platforms (Azure required; AWS experience preferred), including security architecture, identity management, and policy enforcement.

• Hands-on experience implementing and managing Microsoft 365 security controls, including Exchange Online protection, Data Loss Prevention (DLP), and Microsoft Purview.

• Experience with Infrastructure as Code (IaC) tools such as Terraform to deploy secure, compliant cloud infrastructure.

• Proven ability to produce high-quality work products with strong attention to detail, especially in the areas of security configuration, documentation, and governance.

Preferred:

At least 4 years of hands-on experience working with the Azure cloud platform, including implementing secure PaaS solutions and managing security controls across Azure and Microsoft 365 environments.

Salary : $120,000 - $140,000