Senior Cloud Security Engineer

Role:
Senior Cloud Security Engineer

Location:
Warren NJ (Hybrid)

Type: C2C

We're hiring a Senior Cloud Security Engineer to serve as the dedicated owner of cloud security remediation and hardening across our environment.

Our organization already has an established security team that identifies risks and issues recommendations. This role does not sit on that team. Instead, you are the engineer who turns those recommendations into durable, well-architected fixes and, just as importantly, makes sure the same findings don't come back.

This is a hands‑on engineering role, not an advisory one. Success means a measurably more secure environment, a shrinking backlog of recurring findings, and security controls that are enforced by design rather than by manual effort or one‑off patches.

• Own the full lifecycle of security findings and recommendations- whether they come from the security team, Microsoft Defender for Cloud, or other tooling-through triage, remediation, verification, and closure.
• Root‑cause recurring issues and implement systemic fixes (policy‑as‑code, automated guardrails, secure baselines) so the same findings don't reappear quarter after quarter.
• Track remediation SLAs and report on risk reduction and posture trends over time.

• Secure and govern modern authentication flows across the estate: OIDC, OAuth 2.0 with PKCE, JWT validation and handling, and mTLS.
• Administer and harden Microsoft Entra  (Azure Entra): app registrations and Enterprise Application permissions, consent governance, service principals and managed identities, credential and secret hygiene, and least‑privilege scoping.
• Design, implement, and continuously tune Conditional Access policies.

• Build and enforce guardrails using Azure Policy and Terraform; maintain secure‑by‑default infrastructure‑as‑code baselines and detect/remediate configuration drift.
• Operate Microsoft Defender for Cloud - drive secure‑score improvement, remediate recommendations, and manage cloud security posture (CSPM).
• Contribute to security governance: standards, control definitions, exception handling, and audit evidence.

• Secure all cloud and SaaS administrative portals - Azure and other admin consoles (e.g., Microsoft 365 admin, identity providers, and any additional cloud platforms in use).
• Strengthen privileged access: MFA enforcement, Privileged Identity Management (PIM) / just‑in‑time elevation, role minimization, and break‑glass procedures.

• Apply security controls to AI workloads, services, and AI agents: agent and workload identities, tool and permission scoping, data‑exposure and prompt‑injection risk, and emerging AI security best practices.

• 8+ years in cloud security or security engineering, with deep, hands‑on Azure experience.
• Strong, hands‑on Microsoft Entra : app registrations, Enterprise Apps, permissions and consent, and Conditional Access.
• Solid working knowledge of modern authentication: OIDC, OAuth 2.0 / PKCE, JWT, and mTLS.
• Proficiency with Terraform and Azure Policy for policy‑as‑code and automated guardrails.
• Experience with Microsoft Defender for Cloud and cloud security posture management.
• A demonstrable track record of root‑causing and permanently closing security findings - not just patching them.
• Working understanding of AI, AI agents, and AI security considerations.

• Multi‑cloud exposure (AWS, GCP).
• Relevant certifications (e.g., Microsoft SC‑100, AZ‑500, SC‑300; CISSP).
• Experience with CI/CD pipeline security, secrets management, and SIEM/SOAR.
• Scripting/automation (Power Shell, Python).
• Hands‑on experience securing LLM‑based or agentic systems in production.