Sr. Cloud Security Engineer (Remote)
Inspira Financial · Oak Brook, IL · Yesterday
Information Technology$125k–$155k/yrFull-time
About the role
The Sr. Cloud Security Engineer (Sr. CSE) is a hybrid cloud and security engineering role responsible for the hands-on remediation of infrastructure and cloud vulnerabilities, ensuring cloud and infrastructure resources maintain compliance with established policies and Minimum-Security Baselines (MSBs), and reporting the organization's current compliance posture.
Responsibilities
- Vulnerability Remediation & Security Operations
- Perform hands-on remediation of infrastructure and cloud vulnerabilities, driving issues to closure within established SLAs and policy requirements
- Operate and administer vulnerability management and cloud security posture management (CSPM/DSPM) tooling - managing scan coverage, remediating findings, and reporting on SLA adherence
- Identify, prioritize, and remediate cloud misconfigurations and security posture gaps across the organization's Azure subscriptions and infrastructure
- Implement and validate security controls across cloud-native services, IaaS, PaaS, and container-based workloads
- Maintain and enforce secure configurations across firewalls, network security components, application delivery infrastructure, and compute platforms in partnership with the Security Team
- When needed, assist with privileged credential hygiene, certificate lifecycle, and secrets governance across the environment
- Maintain awareness of known and emerging vulnerabilities across the full technology stack - cloud services, OS platforms, network components, and application runtimes
- Compliance, Policy & Reporting
- Monitor and report the organization's compliance posture against established security policies, baselines, and regulatory frameworks
- Partner with the Security team to define, author, and maintain cloud and infrastructure security policies - keeping pace with evolving industry trends and regulatory requirements
- Review and update existing policies on a regular cadence to reflect changes in the cloud environment and threat landscape
- Produce accurate, timely compliance posture reports for leadership - covering baseline adherence, vulnerability SLA performance, and remediation progress
- CI/CD Pipeline & Infrastructure Security
- Support secure configuration management across server and cloud environments
- Ensure PKI and certificate management practices are maintained across the environment - including TLS/SSL lifecycle, renewal processes, and certificate inventory
- Technical Leadership & Mentorship
- Serve as an informal technical leader and security subject matter expert across Cloud Engineering, Platform Engineering, and adjacent teams
- Mentor engineers on security best practices, secure design patterns, and compliance requirements - elevating security competency across the department without direct people management responsibilities
- Contribute to architecture and design reviews, providing a security lens on cloud platform decisions in partnership with the Cloud Architect
- Cross-Team Collaboration
- Cloud Engineering & Platform Engineering - consult on secure architecture, container platform hardening, network segmentation, and pipeline security practices
- Identity & Access Management (IAM) - partner on identity governance, privileged access management, and access control policy enforcement
- Incident Response / Vulnerability Management - collaborate with the Security Detection & Response team on vulnerability prioritization, SLA tracking, remediation coordination, and incident response activities
- Audits & Assessments - provide technical support for evidence gathering, compliance posture reporting, and audit response
- Application Development Teams - consult on security requirements for cloud-native application platforms, ensuring developer environments are built securely from the ground up
Additional Requirements
- As part of the evaluation process, candidates who progress beyond the initial screening will be required to complete a formal technical assessment to validate coding proficiency and technical competency.
Preferred Qualifications
- Education & Experience:
- 10+ years of experience in cloud engineering, infrastructure, or security engineering - with demonstrated hands-on security work, not just advisory
- Bachelor's Degree in Computer Science, Software/Computing Engineering, Information Security, or related field - or equivalent experience
- Technical certifications preferred: AZ-500, SC-100, SC-200, AZ-104, or equivalent cloud/security certifications
- Experience working in regulated industries (Financial Services, Insurance, or Health-Tech preferred)
- Familiarity with compliance frameworks: NIST, HIPAA, PCI and Minimum Security Baselines (MSBs)
- Skills & Abilities:
- Hands-on experience or significant exposure to the following services and concepts:
- Cloud Platform - Azure Networking & Security: Virtual Networks (VNETs) and peering, NSGs, UDRs, Private Endpoints, Azure Firewall, Application Gateways (including WAF - OWASP ruleset configuration, Detection vs. Prevention mode), ExpressRoute, VPN Gateways, and Azure Bastion
- Compute & Containers: Virtual Machines, VM Scale Sets, AKS (Kubernetes), and Container App Environments - including cluster hardening, network policy enforcement, workload identity, and Azure Policy for Kubernetes
- Identity & Access: Active Directory (on-prem, hybrid Entra Connect sync), Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policy design and enforcement, Azure RBAC (including custom role design), and Entra ID Protection
- Security & Compliance Tooling: Microsoft Sentinel, Microsoft Defender for Cloud (Defender for Containers, Defender for Servers, Defender CSPM), and Azure Policy
- Monitoring & Observability: Azure Monitor - KQL, alert rule configuration, log-based queries, and action group integrations; familiarity with Log Analytics Workspace architecture and log ingestion patterns at scale
- Secrets & Certificates: Azure Key Vault and Key Vault CSI Secrets Store driver for AKS
- Storage & Recovery: Storage Accounts, Backup Vault, and Azure Site Recovery
- Virtual Desktop: Azure Virtual Desktop (AVD)
- Security Tooling: Rapid7 - vulnerability management and scanning (InsightVM or InsightIDR); scan configuration, reporting, and SLA tracking
- Datadog - log management, infrastructure monitoring, and security-adjacent alerting
- Identity, Access & Privileged Access Management: Delinea Secret Server (Thycotic) - PAM administration, privileged credential vault management, and access policy configuration
- Conditional Access, PIM, and RBAC - policy design, enforcement, and least-privilege access models at enterprise scale
- Microsoft Intune - device compliance enforcement as part of a Zero Trust security posture
- Certificate Management - PKI, TLS/SSL lifecycle management, certificate inventory, and renewal processes
- Network & Perimeter Security: Cloudflare (Enterprise) - CDN, WAF, DDoS protection, and DNS proxy configuration and management
- Network routing and VPN - hub-and-spoke topology, route tables, ExpressRoute, and VPN Gateway
- Cisco ASAv - virtual firewall configuration and management
- DNS, DHCP, and Group Policy - enterprise-scale administration in hybrid environments
- Azure DevOps (ADO) - CI/CD pipeline security, build agent management, and secure pipeline design
- GitHub / GitLab - source control security, branch protection, secret scanning, and pipeline hardening
- Infrastructure-as-Code (IaC): Terr