Cloud Security Engineer
Sysgain Inc
Job Description
Lead the deployment, configuration, and ongoing management of Microsoft Defender for Cloud, including secure score improvement, regulatory compliance mapping, and workload protection. Implement and manage Azure and M365 security tools, including Defender for Cloud, Microsoft Sentinel, Entra ID (Azure AD), Intune, Purview, and Conditional Access. Monitor, analyze, and respond to security alerts from Defender for Cloud, MDR vendors, and EDR platforms; perform investigation and root cause analysis.
Configure and manage cloud security posture management (CSPM) and cloud workload protection (CWPP) capabilities within Defender for Cloud. Implement and maintain network security controls, including firewalls, VPNs, NSGs, WAFs, and Azure network segmentation. Manage identity and access governance across Azure AD and M365 using RBAC, MFA, and least-privilege principles.
Conduct vulnerability assessments using Defender for Cloud recommendations and oversee remediation tracking. Perform security and compliance reviews across Azure and cloud workloads, ensuring alignment with Defender for Cloud regulatory standards (e.g., HIPAA, NIST). Maintain security documentation (data flow diagrams, network diagrams, runbooks) and support tabletop exercises.
Participate in incident response and disaster recovery testing; ensure RTO/RPO objectives are met. Collaborate with IT and compliance teams to align with HIPAA, NIST, and SOC 2 standards. Stay current with emerging threats and continuously optimize Defender for Cloud configurations and security posture.
Required Skills & Experience
3–5+ years of experience in security engineering, cloud security, or infrastructure security roles. Minimum 2+ years of hands-on experience with Microsoft Defender for Cloud (required). Strong expertise in Defender for Cloud, including CSPM, CWPP, secure score management, and regulatory compliance features.
Hands-on experience securing Microsoft Azure environments and integrating security services across M365. Strong working knowledge of Microsoft Sentinel, Entra ID (Azure AD), Intune, Purview, and Conditional Access. Experience implementing and managing cloud and network security controls, including NSGs, WAFs, firewalls, and segmentation.
Practical experience with identity and access management, including RBAC, MFA, and least-privilege principles in hybrid environments. Experience with security monitoring, incident response, and collaboration with MDR/EDR providers. Experience leveraging Defender for Cloud recommendations for vulnerability management and remediation tracking.
Familiarity with regulatory frameworks such as HIPAA, NIST, and SOC 2 in regulated environments. Ability to work cross-functionally and communicate security risks effectively to both technical and non-technical stakeholders.
akbar.shah@sysgain.com 9154220598