Key skills
Azure Security EngineerWindows Server securityMicrosoft SCCMPowerShellAzure PaaS securityC#AKS administrationcontainer securityanalytical skillscollaboration abilitiesCSQLAzureKubernetesDockerVaultAKSHelmAzure DevOpsCommunicationCollaborationNetwork SecurityFirewall
About this role
Calance is seeking a highly skilled and experienced Senior Azure Security Engineer responsible for ensuring the security and integrity of an Azure-based infrastructure. The role involves remediating vulnerabilities, fixing misconfigurations, and enhancing security across various Azure services and platforms while working closely with cross-functional teams to implement security best practices.
Responsibilities:
- Remediate OS-level and VM-configuration vulnerabilities on Windows servers
- Manage and secure Windows Server environments (2016–2022) through patching, Group Policy Objects (GPO), TLS hardening, and Desired State Configuration (DSC)
- Address Wiz VM vulnerability and misconfiguration findings
- Utilize Microsoft SCCM for patch management and automation
- Implement PowerShell automation at scale for efficient security management
- Tighten Network Security Groups (NSG) and firewalls, and ensure disk encryption (ADE/SSE-CMK) and endpoint protection
- Fix misconfigurations across Azure App Services, SQL, Storage, Key Vault, and other PaaS offerings
- Implement Azure PaaS security controls, including TLS, managed identity, private endpoints, firewall rules, and AAD-only authentication
- Map Wiz CSPM findings to Azure resource properties and address them effectively
- Author Azure Policies, including custom definitions and remediation tasks
- Utilize C# to add security guardrails to deployment tools
- Integrate security checks into Azure DevOps Pipelines using Wiz CLI and policy-as-code
- Remediate container image CVEs, AKS cluster misconfigurations, and runtime posture gaps
- Administer AKS clusters, including upgrades, private cluster configurations, and authorized IP ranges
- Apply Linux fundamentals to manage AKS nodes
- Conduct Wiz container scanning to identify and address image CVEs and KSPM issues
- Integrate Wiz CLI and Admission Controller into Azure DevOps Pipelines
- Remediate Dockerfile issues, including base image pinning and multi-stage builds
- Harden Kubernetes environments with Pod Security Standards, NetworkPolicies, RBAC, and Key Vault CSI driver
- Perform ACR registry scanning and Helm chart security reviews
Requirements:
- Proven experience as Azure Security Engineer or similar role
- Strong expertise in Windows Server security and configuration management
- Proficiency in Microsoft SCCM, PowerShell, and Azure DevOps
- Experience with Azure PaaS security controls and policy authoring
- Proficiency in C# for security tool development
- Solid understanding of AKS administration and Linux fundamentals
- Experience with container security, including Docker and Kubernetes
- Familiarity with Wiz security tools and integration into DevOps pipelines
- Strong analytical and problem-solving skills
- Excellent communication and collaboration abilities