Information Security Engineer- Developer

Key Responsibilities

Cloud & Infrastructure Architecture

• Design andmaintainaSecure CloudArchitectureforIaaS, PaaS, and SaaS solutionswithMicrosoft security technologiessuch asDefender, Sentinel, Purview, Endpoint Management, and Entra IDto protect enterprise and client assets.

• Build and deploy security architecture thatenforcesZero Trust principles across M365,tenants, Azure subscriptions, B2C tenants, enterprise virtual systems,landing zones,virtualdesktopsand devices.

• Establishsecuritycontrols around DevOps,secretsmanagement,key vaults, and managed identities to secure service to servicepatterns.

• Architect resilient, scalable, and cost-optimized cloud solutions using Azure best practicesand risk-based spendingalignment

• This rolewillown security architecture standards, reference architecture, guardrails, and exception decisions in partnership with theChief Information Security Officer.

Identity & Access Management

• Establish and enforce hardened identity management for identities including Entra ID, service principles, andworkloadidentities while enforcing least-privilege across environments and mitigating path to privilege.

• Architectidentity securityusingconditionalaccess, MFA,phishingresistant authentication,Privileged Identity Management (PIM), and Zero Trust principles

• Design and integrate Privileged Access Management (PAM) tools in active directory environments which include both Windows and Linux toeliminatethe use of interactive service accounts and password handling while providing secure privilege access management practices, automation, and secure service-to-service communications.

• Design andincorporatesecurity best practice fordevice &endpointmanagementincorporatingidentity and accessmanagementwithinternet accessrestrictionssupportingWindows, macOS, iOS, and Android devices.

Security & Compliance

• Architect and govern AI platforms and data flows across Azure OpenAI and Microsoft Copilot extensibility, integrating MCP-based systems with enterprise identity, device, and data protection controls to prevent leakage, enforce consent boundaries, and ensure auditability.

• Establish and enforce AI governance controls for MCP endpoints and AI-driven data access, including Entra ID–based authorization, data provenance, policy enforcement, and compliance logging.

• Drive Purview-based data governanceincluding classification strategy, sensitivity labels, DLP enforcement, information barriers, and cross-tenant controls.

Collaboration & Leadership

• Act as a technical authority and advisor to engineering, security, and operations teams

• Translate business requirements into technical cloud solutions

• Produce architecture diagrams, documentation, and standards

• Mentor engineers and elevate team maturity by contributing to cloud best practices and roadmaps, conducting design reviews, buildinghardened securitypatterns, and providing coaching to strengthen engineering practices.

Minimum Qualifications:

• Bachelor’sdegree in computer science, engineering, or related field.

• 8-10years of security design,implementationand ownershipexperiencewithMicrosoftsecurity tooling

• 10+years of hands-onproficiencyin multiple cybersecurity competencies (e.g., network security, systems security, application security, security operations)

• 10+ years’ experience performing security testing or technical controls validation, including documentation of testing methods and results.

• 10+ years’ experience in Azure cloud architecture and security services.

Preferred Qualifications:

• Experience withEnd User Workstation Security Controls to include MAC,Windowsand Virtual Desktops.

• Experience with Microsoft productsto includeMicrosoft Endpoint Manager,Entra, Defender, Sentinel and M365.

• Experience withsecuring both Azure cloud as well as hybrid cloud environments using the Microsoft security tooling.

• Advance knowledge of Microsoft Defender andSentinel andproficiencyinKQL query language.

• Experience withMicrosoft Defender for Cloudto includeregulatory compliance dashboard configuration and continuous assessment; integrating Defender for Cloud into CI/CD pipelines andIaCworkflows; and practical knowledge of CSPM and CWPP capabilities.

• Experience with Azure Policy, subscription structure, billing account, and management groups

• Proactive awareness of emerging cybersecurity threats and technologies

• Detailoriented with strong verbal and presentation skills.

• Excellent interpersonal, communication, and negotiation skills

• Effective written and oral communication, technical writing, and editing skills

• Security-related certification (i.e., Security+, CISSP, GIAC, etc.)

• Experience with landing zone security baselines and guardrails