Jobs · Information Technology · Arizona

Cloud Security Engineer - Azure

Avnet · Tempe, AZ · 1 mo ago
HybridInformation TechnologyFull-time

About the role

Develops, maintains, and enhances secure cloud platform solutions in support of Business Cloud Services delivery. Performs hands-on security operations, automates repeatable security and governance processes, and coordinates remediation activities across Azure, GitHub Enterprise, and BCS-managed applications. Collaborates with BCS developers, architects, leadership, and Security teams to help ensure cloud solutions are designed, delivered, and operated securely.

Responsibilities

  • Supports the implementation, operation, and continuous improvement of security controls for BCS-managed Azure resources and cloud platform services.
  • Maintains monitoring, review, triage, and coordination of remediation of security findings from Microsoft Defender for Cloud and other approved security tools.
  • Assists with security exception and exemption requests by gathering required technical details, validating business and technical context, and supporting approval workflows.
  • Validates remediation actions, tracks closure of security findings, and helps ensure issues are resolved in alignment with approved security requirements and timelines.
  • Supports Microsoft Entra ID security groups, app registrations, service principals, managed identities, and related identity and access configurations.
  • Executes RBAC assignments and access changes in accordance with approved access models, least privilege principles, and operational requirements.
  • Supports Microsoft Entra Privileged Identity Management role assignments, activations, reviews, and related privileged access processes.
  • Supports access reviews, audits, and compliance activities by validating access, configurations, and supporting evidence.
  • Supports security controls within GitHub Enterprise, including repository-level security practices, access controls, and development workflow security.
  • Affirms CI/CD security practices, including use of GitHub Advanced Security, secure pipeline configuration, and remediation of pipeline or repository security findings.
  • Triage and track application, repository, and software supply chain security findings using Security-provided tools such as Legit Security, ArmorCode, or similar platforms.
  • Works directly with BCS developers, architects, and engineering teams to coordinate remediation activities and resolve vulnerabilities with minimal disruption.
  • Tracks vulnerabilities, ownership, remediation status, recurring issues, and blockers; escalates risks and trends to BCS leadership as appropriate.
  • Automates repeatable security, governance, access, and remediation tasks using scripting, templates, tooling, and standard processes.
  • Develops and maintains reusable security templates, patterns, and standards for identity and access configurations, CI/CD security controls, common remediation scenarios, and cloud security operations.
  • Serves as an operational contact for BCS security issues, including investigation support, technical information gathering, log collection, and coordination with appropriate stakeholders.
  • Escalates security incidents, operational risks, remediation blockers, and recurring issues to BCS leadership and Security teams as needed.
  • Provides practical, developer-friendly security guidance to support shift-left security practices and improve secure development behaviors across BCS teams.
  • Documents security processes, platform configurations, remediation procedures, templates, and operational best practices.

Requirements

Applies strong working knowledge of cloud security, Azure security services, Microsoft Entra ID, RBAC, privileged access management, GitHub Enterprise, CI/CD security, and DevSecOps practices. Works independently on assigned security operations, remediation, automation, and platform support activities while using judgment to evaluate risks, prioritize issues, and recommend practical solutions. Collaborates across BCS engineering, development, architecture, leadership, and Security teams to coordinate remediation activities and improve the security posture of BCS-managed applications and cloud environments. May provide technical guidance and support to developers and engineering teams on secure configuration, remediation approaches, access models, CI/CD controls, and shift-left security practices. Contributes to the development and improvement of security standards, reusable templates, automation patterns, operational procedures, and best practices for BCS cloud and application environments. Identifies recurring security issues, operational inefficiencies, and risk patterns; recommends improvements to reduce manual effort, improve consistency, and strengthen security outcomes.

Qualifications

  • Typically 8+ years with bachelor's or equivalent.
  • Bachelor's degree or equivalent experience from which comparable knowledge and job skills can be obtained.
  • Experience supporting cloud environments, security operations, DevSecOps practices, platform engineering, application security, or related technology functions.
  • Hands-on work with Azure security, Microsoft Defender for Cloud, Microsoft Entra ID, RBAC, privileged access concepts, GitHub Enterprise, CI/CD pipelines, vulnerability remediation, and automation of operational or security tasks.
  • This role is focused on hands-on cloud security operations, remediation coordination, identity and access support, GitHub and CI/CD security, application and supply chain security, and security automation for BCS-managed environments.
  • The position is distinguished by its embedded role within the BCS engineering team and its close collaboration with developers, architects, leadership, and the Security team.
  • Strong familiarity with Azure security services, Microsoft Defender for Cloud, Microsoft Entra ID, RBAC, PIM, GitHub Enterprise, CI/CD security practices, and automation through scripts, templates, or tooling.
  • Prior experience in a DevSecOps or cloud engineering environment.
  • Preferred experience includes GitHub Advanced Security, Legit Security, ArmorCode, AI-assisted operational approaches.
  • Preferred Certifications Or Training May Include Microsoft Azure security or administrator certification, Microsoft identity and access management certification, GitHub Advanced Security or GitHub Enterprise training, Cloud security, DevSecOps, or application security certification, Related certifications in cybersecurity, cloud engineering, or infrastructure automation.

Skills

  • Strong working knowledge of cloud security, Azure security services, Microsoft Entra ID, RBAC, privileged access management, GitHub Enterprise, CI/CD security, and DevSecOps practices.
  • Ability to translate security findings into actionable remediation steps, support developers with practical guidance, and help strengthen security practices without creating unnecessary delivery friction.
  • Strong familiarity with Azure security services, Microsoft Defender for Cloud, Microsoft Entra ID, RBAC, PIM, GitHub Enterprise, CI/CD security practices, and automation through scripts, templates, or tooling.
  • Prior experience in a DevSecOps or cloud engineering environment.
  • Preferred experience includes GitHub Advanced Security, Legit Security, ArmorCode, AI-assisted operational approaches.

Benefits

Generous Paid Time Off, 401K and Pension Plan, Paid Holidays, Family Support (Paid Leave, Surrogacy, Adoption), Medical, Dental, Vision, and Life Insurance, Long-term and Short-term Disability Insurance, Health Savings Account / Flexible Spending Account, Education Assistance, Employee Development Resources, Employee Wellness, Leadership Development and Mentorship Programs.

Pay

N/A

Schedule

N/A

Similar jobs

Cloud Engineer - Azure

Core Specialty Insurance Holdings, Inc.Cincinnati, OH· 3 wk ago
Information Technologyapply on corespecialtyinsurance.wd1.myworkdayjobs.com

Cloud Engineer (Azure)

KellyMitchell GroupSan Francisco, CA· 3 wk ago
Information Technology$65–$77/hrapply on careers.kellymitchell.com

Cloud Engineer (Azure)

Trustar BankCentreville, VA· 2 mo ago
Engineering$120k/yrapply on trustar-bank.careerplug.com