MatchPoint is a company focused on cloud security solutions, and they are seeking an Azure Security Engineer to support the design and implementation of security controls within Microsoft Azure. The role involves configuring cloud-native security services, performing security assessments, and delivering key security documentation and reports.
Responsibilities:
- Support the design and implementation of Azure landing zone controls, identity, and network guardrails (VNet, NSGs, private endpoints) as directed by Ardent Mills security leadership
- Configure and tune cloud-native security services (Microsoft Sentinel, Defender XDR)
- Configure and tune Microsoft Defender for Cloud Apps (CASB) — connected apps, policies, session controls, and real-time monitoring integrations (e.g., Power Platform / citizen developer governance)
- Perform Cloud Security Posture Management (CSPM) assessments against CIS Azure Foundations Benchmark and Microsoft Cloud Security Benchmark (MCSB), and deliver prioritized remediation plans
- Execute tooling onboarding and configuration for in-scope cloud security tools as directed, including baseline setup, policy configuration, and integration
- Build and deploy Azure Policy initiatives, policy-as-code, and automated remediation to reduce configuration drift
- Implement key management, encryption at rest/in transit, and certificate governance using Azure Key Vault
- Configure logging, telemetry, and alerting (Azure Monitor, Log Analytics) integrated with SIEM/XDR; validate detection coverage
- Harden serverless, containers, and managed services (Functions, Logic Apps, Container Apps, AKS, ACI) using established baselines
- Perform threat modeling and security reviews for specific in-scope cloud architectures and application designs
- Deliver IaC guardrails (Terraform/Bicep/ARM), image baselines, and vulnerability workflows in partnership with platform teams
- Support cloud incident triage and containment activities as needed during the engagement (not on-call escalation owner)
- Document standards, runbooks, and configurations to enable knowledge transfer to full-time staff at engagement close
Requirements:
- Microsoft Azure
- Microsoft Defender for Cloud
- Microsoft Sentinel (SIEM/SOAR)
- Microsoft Entra ID (Azure AD)
- Azure Firewall, NSGs, WAF, DDoS Protection
- Azure Key Vault
- Azure Policy & Azure Landing Zones
- Identity and access management (IAM), Conditional Access & Privileged Identity Management (PIM)
- Terraform, ARM Templates, Bicep
- PowerShell, Azure CLI
- GitHub Actions or Azure DevOps
- VPN, ExpressRoute, Private Link
- Vulnerability Management
- Incident Response & Threat Detection
- Zero Trust Architecture
- 4–7 years of hands-on cloud security engineering experience, primarily Microsoft Azure
- Demonstrated experience delivering Azure Policy, IaC guardrails, and CSPM/CWPP outcomes on prior engagements
- Hands-on experience configuring Microsoft Defender for Cloud Apps (CASB) or an equivalent CASB solution
- Experience performing posture assessments against CIS Benchmarks and/or Microsoft Cloud Security Benchmark
- Strong knowledge of IAM, networking, encryption, and cloud-native security tooling
- Experience securing hybrid environments spanning on-premises and Azure
- Scripting/automation expertise (KQL, Python/Bash/PowerShell; Terraform/Bicep/ARM)
- Certifications: Azure Security Engineer Associate (AZ-500) required
- Ability to work independently with minimal ramp-up and deliver against defined milestones
- CCSP or equivalent