Jobs · Information Technology

Senior DevOps Engineer

CMG Financial · United States · 6 days ago
RemoteRemoteInformation TechnologyFull-time

ESSENTIAL DUTIES and RESPONSIBILITIES

  • Operate and tune Microsoft Defender for Cloud (CSPM/CNAPP) across Azure subscriptions, remediating misconfigurations and excessive access.
  • Enforce preventative guardrails with Azure Policy and benchmark configuration against CIS Benchmarks and the NIST Cybersecurity Framework.
  • Apply least-privilege access in Microsoft Entra ID using Azure RBAC, PIM, and Conditional Access, and run periodic access reviews and attestations.
  • Use Microsoft Purview and Defender for Cloud data-aware posture (DSPM) to classify and protect sensitive cloud data.
  • Embed security into Terraform and GitHub Actions pipelines, including IaC scanning, policy-as-code, and secrets management.
  • Support threat modeling and secure design reviews for new and changing cloud workloads.
  • Engineer Microsoft Sentinel data ingestion (data connectors, Data Collection Rules and Endpoints) and build detections.
  • Integrate Microsoft Defender for Cloud and Defender XDR signals into Sentinel for unified detection and response.
  • Support cloud threat hunting, incident response, and automation of enrichment and remediation.
  • Map cloud controls to recognized frameworks and produce control evidence for regulatory examinations and investor and agency audits.

Required Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience.
  • 3+ years in cloud security or cloud engineering, including hands-on Microsoft Azure security.
  • Core Cloud Security Skills (Azure): Microsoft Defender for Cloud, Azure Policy, and Microsoft Entra ID (Azure RBAC, PIM, Conditional Access).
  • Cloud security posture management (CSPM/CNAPP), with the ability to find and remediate misconfigurations and excessive access.
  • DevSecOps and Automation Infrastructure-as-Code with Terraform and CI/CD security in GitHub Actions.
  • Scripting and automation with Python, PowerShell, and KQL.
  • Using GenAI to generate and validate scripts is welcomed and approved.
  • Detection and Monitoring: Microsoft Sentinel, including Log Analytics ingestion (data connectors, DCR/DCE).
  • Security architecture, design review, and threat modeling, with working knowledge of NIST CSF and CIS Benchmarks.

Preferred Certifications

  • AZ-500, SC-100, or a relevant GIAC credential (GCSA, GCDA, or GCFR).

Nice to Have

  • Hands-on AWS security (the role is Azure-primary; AWS is a plus).
  • GitHub Advanced Security (GHAS); container and Kubernetes (AKS) security.
  • Secrets and key management (Azure Key Vault).
  • Experience in financial services, mortgage, or other highly regulated industries, including producing audit and examination evidence.

Similar jobs

Senior DevOps Engineer

Applied Research SolutionsBeavercreek Township, OH· 1 mo ago
Engineeringapply on recruiting.ultipro.com

Senior DevOps Engineer

Full Visibility LLCHuntsville, AL· 1 mo ago
Engineeringapply on fullvisibility.zohorecruit.com

Senior DevOps Engineer

LeidosGaithersburg, MD· 1 mo ago
Information Technology$108k–$195k/yrapply on careers.leidos.com