Ardent MillsRemote
Cloud Security Engineer
District of Columbia, United States of America
Full Time
1 month ago
$140,000 - $200,000 USD
Visa Sponsor
Key skills
AWSAzureCloudPythonTerraformVaultBashPowerShellAIServerlessAKSIAMAzure MonitorLogic AppsCloud Security
About this role
Role Overview
- Design, implement, and operate security controls primarily across Microsoft Azure environments
- Lead design and implementation for cloud landing zones, identity, and network controls (VPC/VNet, security groups/NSGs, private endpoints)
- Configure cloud-native security services (e.g., Microsoft Defender for Cloud, Microsoft Sentinel, Defender XDR)
- Build posture management (CSPM) and workload protection (CWPP) with policy-as-code and automated remediation
- Implement key management, encryption at rest/in transit, and certificate governance using KMS/Key Vault/Cloud KMS
- Establish logging, telemetry, and alerting (Azure Monitor) integrated to SIEM/XDR
- Work with key team members across IT and Security to test and validate total coverage / maturity of detection telemetry from cloud native sources
- Determine architecture as needed to harden serverless containers, and managed services (Functions, Logic Apps, Container Apps, AKS, ACI) with baseline controls
- Perform threat modeling and security reviews for cloud architectures and application designs
- Partner with platform and product teams to deliver IaC guardrails, image baselines, and patch/vulnerability workflows
- Respond to cloud incidents as a point of escalation; perform triage, containment, and post-incident improvements
- Develop automation architecture where applicable to optimize cloud detection and response capabilities
- Leverage automation and AI-assisted capabilities where appropriate to enhance cloud detection and response
- Document standards and runbooks; conduct enablement sessions with dev and ops teams
- Design partner in cloud security strategy and program maturity
Requirements
- Bachelor’s in computer science/engineering or equivalent experience
- 4–7 years in cloud security engineering across at least one major CSP
- Strong knowledge of IAM, networking, encryption, and cloud-native security tooling
- Experience securing hybrid environments spanning on-premises and Azure cloud
- Scripting/automation expertise (Python/Bash/PowerShell; Terraform/Bicep/ARM)
- Certifications: CCSP; AWS Certified Security – Specialty, Azure Security Engineer Associate (AZ-500), or Google Professional Cloud Security Engineer
- Good to have: Experience with CIEM solutions and multi-cloud governance
- Certifications: GIAC Cloud (GCSA/GPCS), CNCF CKA/CKS, vendor pro-level architect certs
Tech Stack
- AWS
- Azure
- Cloud
- Python
- Terraform
- Vault
Benefits
- Medical, Dental and Vision Coverage
- Health and Dependent Savings Accounts
- Life and Disability Programs
- Voluntary Benefit Programs
- Company Sponsored Wellness Programs
- Retirement Savings with Company Match
- Team Member and Family Assistance Program (EAP)
- Paid Time Off and Paid Holidays
- Employee Recognition Program with Rewards (RAVE)