Senior Azure Security Engineer

Senior Azure Security Engineer

Location:

Remote

Duration:

6-12 months

Position Overview:

We are seeking a highly skilled and experienced Senior Azure Security Engineer. The ideal candidate will be responsible for ensuring the security and integrity of an Azure-based infrastructure. This role involves remediating vulnerabilities, fixing misconfigurations, and enhancing security across various Azure services and platforms. The Senior Azure Security Engineer will work closely with cross-functional teams to implement security best practices and ensure compliance with industry standards.

Key Responsibilities:

OS-Level and VM Configuration Security:

Remediate OS-level and VM-configuration vulnerabilities on Windows servers.

Manage and secure Windows Server environments (2016 2022) through patching, Group Policy Objects (GPO), TLS hardening, and Desired State Configuration (DSC).

Address Wiz VM vulnerability and misconfiguration findings.

Utilize Microsoft SCCM for patch management and automation.

Implement PowerShell automation at scale for efficient security management.

Tighten Network Security Groups (NSG) and firewalls, and ensure disk encryption (ADE/SSE-CMK) and endpoint protection.

Azure PaaS Security:

Fix misconfigurations across Azure App Services, SQL, Storage, Key Vault, and other PaaS offerings.

Implement Azure PaaS security controls, including TLS, managed identity, private endpoints, firewall rules, and AAD-only authentication.

Map Wiz CSPM findings to Azure resource properties and address them effectively.

Author Azure Policies, including custom definitions and remediation tasks.

Utilize C# to add security guardrails to deployment tools.

Integrate security checks into Azure DevOps Pipelines using Wiz CLI and policy-as-code.

Container and AKS Security:

Remediate container image CVEs, AKS cluster misconfigurations, and runtime posture gaps.

Administer AKS clusters, including upgrades, private cluster configurations, and authorized IP ranges.

Apply Linux fundamentals to manage AKS nodes.

Conduct Wiz container scanning to identify and address image CVEs and KSPM issues.

Integrate Wiz CLI and Admission Controller into Azure DevOps Pipelines.

Remediate Dockerfile issues, including base image pinning and multi-stage builds.

Harden Kubernetes environments with Pod Security Standards, NetworkPolicies, RBAC, and Key Vault CSI driver.

Perform ACR registry scanning and Helm chart security reviews.

Requirements:

Proven experience as an Azure Security Engineer or similar role.

Strong expertise in Windows Server security and configuration management.

Proficiency in Microsoft SCCM, PowerShell, and Azure DevOps.

Experience with Azure PaaS security controls and policy authoring.

Proficiency in C# for security tool development.

Solid understanding of AKS administration and Linux fundamentals.

Experience with container security, including Docker and Kubernetes.

Familiarity with Wiz security tools and integration into DevOps pipelines.

Strong analytical and problem-solving skills.

Excellent communication and collaboration abilities.