Role: Senior Cloud Security Engineer
Location: Warren NJ (Hybrid)
Type: C2C
About the Role
We're hiring a Senior Cloud Security Engineer to serve as the dedicated owner of cloud security remediation and hardening across our environment.
Our organization already has an established security team that identifies risks and issues recommendations. This role does not sit on that team. Instead, you are the engineer who turns those recommendations into durable, well-architected fixes-and, just as importantly, makes sure the same findings don't come back.
This is a hands-on engineering role, not an advisory one. Success means a measurably more secure environment, a shrinking backlog of recurring findings, and security controls that are enforced by design rather than by manual effort or one-off patches.
What You'll Do
Remediation & recurrence prevention (the core of this role)
-
Own the full lifecycle of security findings and recommendations-whether they come from the security team, Microsoft Defender for Cloud, or other tooling-through triage, remediation, verification, and closure.
-
Root-cause recurring issues and implement
systemic fixes (policy-as-code, automated guardrails, secure baselines) so the same findings don't reappear quarter after quarter.
-
Track remediation SLAs and report on risk reduction and posture trends over time.
Identity & authentication
-
Secure and govern modern authentication flows across the estate:
OIDC, OAuth 2.0 with PKCE, JWT validation and handling, and
mTLS.
-
Administer and harden
Microsoft Entra ID (Azure Entra): app registrations and Enterprise Application permissions, consent governance, service principals and managed identities, credential and secret hygiene, and least-privilege scoping.
-
Design, implement, and continuously tune
Conditional Access policies.
Cloud security engineering & governance
-
Build and enforce guardrails using
Azure Policy and
Terraform; maintain secure-by-default infrastructure-as-code baselines and detect/remediate configuration drift.
-
Operate
Microsoft Defender for Cloud-drive secure-score improvement, remediate recommendations, and manage cloud security posture (CSPM).
-
Contribute to
security governance: standards, control definitions, exception handling, and audit evidence.
Admin portal & privileged access security
-
Secure
all cloud and SaaS administrative portals-Azure and other admin consoles (e.g., Microsoft 365 admin, identity providers, and any additional cloud platforms in use).
-
Strengthen privileged access: MFA enforcement, Privileged Identity Management (PIM) / just-in-time elevation, role minimization, and break-glass procedures.
AI security
-
Apply security controls to
AI workloads, services, and AI agents: agent and workload identities, tool and permission scoping, data-exposure and prompt-injection risk, and emerging AI security best practices.
What You Bring (Required)
-
8+ years in cloud security or security engineering, with deep, hands-on
Azure experience.
-
Strong, hands-on
Microsoft Entra ID expertise: app registrations, Enterprise Apps, permissions and consent, and Conditional Access.
-
Solid working knowledge of modern authentication:
OIDC, OAuth 2.0 / PKCE, JWT, and mTLS.
-
Proficiency with
Terraform and
Azure Policy for policy-as-code and automated guardrails.
-
Experience with
Microsoft Defender for Cloud and cloud security posture management.
-
A demonstrable track record of
root-causing and permanently closing security findings-not just patching them.
-
Working understanding of
AI, AI agents, and AI security considerations.
Nice to Have
-
Multi-cloud exposure (AWS, GCP).
-
Relevant certifications (e.g., Microsoft
SC-100, AZ-500, SC-300; CISSP).
-
Experience with CI/CD pipeline security, secrets management, and SIEM/SOAR.
-
Scripting/automation (PowerShell, Python).
-
Hands-on experience securing LLM-based or agentic systems in production.