Senior Security Engineer - Azure Security

Senior Azure Cyber Security Engineer

Core Specialty is seeking a Senior Azure Cyber Security Engineer to serve as a hands‑on technical leader and subject matter expert within the Cyber Security Engineering function. This is a senior individual contributor role with no direct reports, focused on designing, implementing, and operating security controls across Azure, identity, endpoint, cloud application, and network security domains. The role operates in a fast‑paced, high‑volume environment with a broad and evolving security landscape.

The ideal candidate is comfortable balancing strategic security initiatives with day‑to‑day operational engineering work, operates with minimal direction, and proactively identifies gaps, proposes solutions, and executes with a strong sense of ownership.

The selected candidate will be required to work a hybrid schedule (3 days in office/2 remote) out of our Dallas, TX, or Cincinnati, OH office. No relocation assistance is being offered with this role.

• Serve as a senior technical contributor driving the maturation of Core Specialty’s Azure security posture
• Identify gaps in cloud security controls, define remediation approaches, and deliver measurable improvements
• Act as a technical escalation point for complex security engineering challenges and incidents
• Partner with IT, GRC, and business stakeholders to align security engineering solutions with risk objectives
• Balance work across multiple concurrent projects and BAU (business‑as‑usual) security operations

• Design, implement, and manage Azure Policy definitions, initiatives, and assignments to enforce security baselines and regulatory requirements
• Engineer and maintain security configurations across Azure services, including Azure Firewall, Network Security Groups (NSGs), Key Vault, and Microsoft Defender for Cloud
• Develop and operationalize monitoring, alerting, and remediation workflows for Azure policy non‑compliance

• Define and enforce cloud application security policies using Microsoft Defender for Cloud Apps (MDCA)
• Implement Conditional Access App Control for real‑time session enforcement across SaaS applications
• Establish cloud application risk scoring, usage policies, and data exfiltration controls
• Partner with business units to assess and onboard new cloud applications with appropriate security guardrails

• Architect and manage Microsoft Entra  (Azure AD) security configurations, including Conditional Access, Privileged Identity Management (PIM), Access reviews and identity governance, Role‑based access control (RBAC)
• Govern identity lifecycle and entitlement management across Azure and integrated SaaS platforms
• Support identity security governance in AWS IAM, including federation and cross‑cloud identity considerations

• Design and manage Azure‑native network security controls, including Azure Firewall, Azure Front Door, Azure WAF, Azure DDoS Protection, VNets, Private Endpoints, and NSGs
• Support perimeter and segmentation security using Palo Alto Networks firewalls and Panorama
• Manage and support Cloudflare security services (WAF, DDoS, DNS security, ZTNA, Bot Management)
• Collaborate with network engineering teams to ensure designs align with zero trust principles

• Design, deploy, and manage Microsoft Intune security policies at scale, including Device compliance and configuration profiles, Endpoint protection and ASR rules, Application Protection Policies (MAM), Windows Autopilot and enrollment controls
• Maintain endpoint security baselines aligned with CIS benchmarks
• Support integration and operational transition to Sentinel One as the primary EDR platform
• Partner with IT operations to safely test and deploy endpoint security changes

• Act as a senior technical escalation point during security incidents
• Contribute to incident response playbooks and post‑incident reviews
• Produce high‑quality technical documentation, including Security architecture diagrams, SOPs and…