Lead Cloud Security Engineer - Azure

Being a member of IT Cybersecurity & Platform Strategy team, the Sr. Associate IT Security Engineer – Cloud Security (Azure) will serve as a hands‑on technical specialist focused on securing DTCC’s Microsoft Azure cloud environment
, while maintaining working knowledge of AWS and GCP to support multi‑cloud security initiatives.

The Cybersecurity Engineering organization is responsible for delivering best‑in‑class security capabilities that protect DTCC’s enterprise technology platforms and public cloud environments.

This role requires deep, recent experience with Azure
—including native security services, Azure Policy, governance, identity, monitoring, and threat protection—and will partner closely with platform, architecture, and incident response teams to design, implement, and operate secure cloud solutions at enterprise scale.

This role directly supports DTCC’s ability to secure, govern, and scale its Azure cloud platform safely
, enabling business innovation while managing risk in a highly regulated environment. The Sr. Associate IT Security Engineer will play a key role in strengthening DTCC’s cloud security posture and operational maturity across Azure and beyond.

• Serve as a subject matter expert for Azure security
  , including identity, network, compute, data, monitoring, and governance controls.
• Design, implement, and maintain Azure security baselines
  , policies, and guardrails using Azure Policy and Policy‑as‑Code
  .
• Secure Azure subscriptions and workloads using native services such as Microsoft Defender for Cloud
  , Azure Monitor
  , Log Analytics
  , Sentinel
  , Key Vault
  , and Entra .
• Evaluate, onboard, and operationalize cloud security tooling, including Wiz
  , to enhance cloud posture management, risk visibility, and remediation workflows.
• Partner with platform and application teams to ensure secure‑by‑default architectures and adherence to DTCC security standards.
• Support incident response, threat investigation, and forensic analysis related to Azure cloud events.
• Collaborate across AWS and GCP teams to align multi‑cloud security standards
  , controls, and patterns.
• Develop and maintain security documentation
  , runbooks, and operational procedures for cloud security services.
• Identify opportunities for security automation to reduce manual effort and improve control effectiveness.
• Stay current on emerging cloud security threats, Azure feature updates, and industry best practices.

NOTE:
The Primary Responsibilities of this role are not limited to the details above.

• Minimum of 6 years of related experience
• Bachelor's degree preferred and/or equivalent experience

• 4–5 years of experience in cybersecurity engineering, with strong hands‑on Azure experience (active within the last 12 months).
• Expert‑level knowledge of Microsoft Azure architecture and security services.
• Strong experience with Azure Policy
  , governance, RBAC, PIM/PAM, logging, and monitoring.
• Familiarity with cloud security posture management (CSPM) concepts and tools, including Wiz
  .
• Working knowledge of AWS and Google Cloud Platform (GCP) security services.
• Experience supporting enterprise‑scale cloud environments with regulated or high‑availability workloads.
• Ability to analyze complex security problems and deliver practical, risk‑based solutions.
• Coding or scripting skills with Python, Power Shell, or a combination of other advanced programming languages.

• Azure certifications such as:
• Microsoft Certified:
  Azure Security Engineer Associate
• Microsoft Certified:
  Azure Solutions Architect Expert
• Security certifications (a plus):
• CISSP, CCSP, Security+, or equivalent
• Experience with infrastructure as code
  , automation, or scripting (e.g., Terraform, Power Shell, Python).
• Familiarity with industry security frameworks and standards (e.g.,
  NIST, CIS, ISO 27001
  ).