Senior Cloud Security Engineer

Role: Senior Cloud Security Engineer

Location: Warren NJ (Hybrid)

Type: C2C

About the Role

Were hiring a Senior Cloud Security Engineer to serve as the dedicated owner of cloud security remediation and hardening across our environment.

Our organization already has an established security team that identifies risks and issues recommendations. This role does not sit on that team. Instead you are the engineer who turns those recommendations into durable well-architected fixes-and just as importantly makes sure the same findings dont come back.

This is a hands-on engineering role not an advisory one. Success means a measurably more secure environment a shrinking backlog of recurring findings and security controls that are enforced by design rather than by manual effort or one-off patches.

What Youll Do

Remediation & recurrence prevention (the core of this role)

• Own the full lifecycle of security findings and recommendations-whether they come from the security team Microsoft Defender for Cloud or other tooling-through triage remediation verification and closure.
• Root-cause recurring issues and implement systemic fixes (policy-as-code automated guardrails secure baselines) so the same findings dont reappear quarter after quarter.
• Track remediation SLAs and report on risk reduction and posture trends over time.

• Secure and govern modern authentication flows across the estate: OIDC OAuth 2.0 with PKCE JWT validation and handling and mTLS.
• Administer and harden Microsoft Entra ID (Azure Entra): app registrations and Enterprise Application permissions consent governance service principals and managed identities credential and secret hygiene and least-privilege scoping.
• Design implement and continuously tune Conditional Access policies.

• Build and enforce guardrails using Azure Policy and Terraform; maintain secure-by-default infrastructure-as-code baselines and detect/remediate configuration drift.
• Operate Microsoft Defender for Cloud-drive secure-score improvement remediate recommendations and manage cloud security posture (CSPM).
• Contribute to security governance: standards control definitions exception handling and audit evidence.

• Secure all cloud and SaaS administrative portals-Azure and other admin consoles (e.g. Microsoft 365 admin identity providers and any additional cloud platforms in use).
• Strengthen privileged access: MFA enforcement Privileged Identity Management (PIM) / just-in-time elevation role minimization and break-glass procedures.

• Apply security controls to AI workloads services and AI agents: agent and workload identities tool and permission scoping data-exposure and prompt-injection risk and emerging AI security best practices.

• 8 years in cloud security or security engineering with deep hands-on Azure experience.
• Strong hands-on Microsoft Entra ID expertise: app registrations Enterprise Apps permissions and consent and Conditional Access.
• Solid working knowledge of modern authentication: OIDC OAuth 2.0 / PKCE JWT and mTLS.
• Proficiency with Terraform and Azure Policy for policy-as-code and automated guardrails.
• Experience with Microsoft Defender for Cloud and cloud security posture management.
• A demonstrable track record of root-causing and permanently closing security findings-not just patching them.
• Working understanding of AI AI agents and AI security considerations.

• Multi-cloud exposure (AWS GCP).
• Relevant certifications (e.g. Microsoft SC-100 AZ-500 SC-300; CISSP).
• Experience with CI/CD pipeline security secrets management and SIEM/SOAR.
• Scripting/automation (PowerShell Python).
• Hands-on experience securing LLM-based or agentic systems in production.