Jobs · Information Technology · Illinois

Sr. Cloud Security Engineer (Remote)

Inspira Financial · Oak Brook, IL · Yesterday
Information Technology$125k–$155k/yrFull-time

About the role

The Sr. Cloud Security Engineer (Sr. CSE) is a hybrid cloud and security engineering role responsible for the hands-on remediation of infrastructure and cloud vulnerabilities, ensuring cloud and infrastructure resources maintain compliance with established policies and Minimum-Security Baselines (MSBs), and reporting the organization's current compliance posture.

Responsibilities

  • Vulnerability Remediation & Security Operations
    • Perform hands-on remediation of infrastructure and cloud vulnerabilities, driving issues to closure within established SLAs and policy requirements
    • Operate and administer vulnerability management and cloud security posture management (CSPM/DSPM) tooling - managing scan coverage, remediating findings, and reporting on SLA adherence
    • Identify, prioritize, and remediate cloud misconfigurations and security posture gaps across the organization's Azure subscriptions and infrastructure
    • Implement and validate security controls across cloud-native services, IaaS, PaaS, and container-based workloads
    • Maintain and enforce secure configurations across firewalls, network security components, application delivery infrastructure, and compute platforms in partnership with the Security Team
    • When needed, assist with privileged credential hygiene, certificate lifecycle, and secrets governance across the environment
    • Maintain awareness of known and emerging vulnerabilities across the full technology stack - cloud services, OS platforms, network components, and application runtimes
  • Compliance, Policy & Reporting
    • Monitor and report the organization's compliance posture against established security policies, baselines, and regulatory frameworks
    • Partner with the Security team to define, author, and maintain cloud and infrastructure security policies - keeping pace with evolving industry trends and regulatory requirements
    • Review and update existing policies on a regular cadence to reflect changes in the cloud environment and threat landscape
    • Produce accurate, timely compliance posture reports for leadership - covering baseline adherence, vulnerability SLA performance, and remediation progress
  • CI/CD Pipeline & Infrastructure Security
    • Support secure configuration management across server and cloud environments
    • Ensure PKI and certificate management practices are maintained across the environment - including TLS/SSL lifecycle, renewal processes, and certificate inventory
  • Technical Leadership & Mentorship
    • Serve as an informal technical leader and security subject matter expert across Cloud Engineering, Platform Engineering, and adjacent teams
    • Mentor engineers on security best practices, secure design patterns, and compliance requirements - elevating security competency across the department without direct people management responsibilities
    • Contribute to architecture and design reviews, providing a security lens on cloud platform decisions in partnership with the Cloud Architect
  • Cross-Team Collaboration
    • Cloud Engineering & Platform Engineering - consult on secure architecture, container platform hardening, network segmentation, and pipeline security practices
    • Identity & Access Management (IAM) - partner on identity governance, privileged access management, and access control policy enforcement
    • Incident Response / Vulnerability Management - collaborate with the Security Detection & Response team on vulnerability prioritization, SLA tracking, remediation coordination, and incident response activities
    • Audits & Assessments - provide technical support for evidence gathering, compliance posture reporting, and audit response
    • Application Development Teams - consult on security requirements for cloud-native application platforms, ensuring developer environments are built securely from the ground up

Additional Requirements

  • As part of the evaluation process, candidates who progress beyond the initial screening will be required to complete a formal technical assessment to validate coding proficiency and technical competency.

Preferred Qualifications

  • Education & Experience:
    • 10+ years of experience in cloud engineering, infrastructure, or security engineering - with demonstrated hands-on security work, not just advisory
    • Bachelor's Degree in Computer Science, Software/Computing Engineering, Information Security, or related field - or equivalent experience
    • Technical certifications preferred: AZ-500, SC-100, SC-200, AZ-104, or equivalent cloud/security certifications
    • Experience working in regulated industries (Financial Services, Insurance, or Health-Tech preferred)
    • Familiarity with compliance frameworks: NIST, HIPAA, PCI and Minimum Security Baselines (MSBs)
  • Skills & Abilities:
    • Hands-on experience or significant exposure to the following services and concepts:
    • Cloud Platform - Azure Networking & Security: Virtual Networks (VNETs) and peering, NSGs, UDRs, Private Endpoints, Azure Firewall, Application Gateways (including WAF - OWASP ruleset configuration, Detection vs. Prevention mode), ExpressRoute, VPN Gateways, and Azure Bastion
    • Compute & Containers: Virtual Machines, VM Scale Sets, AKS (Kubernetes), and Container App Environments - including cluster hardening, network policy enforcement, workload identity, and Azure Policy for Kubernetes
    • Identity & Access: Active Directory (on-prem, hybrid Entra Connect sync), Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policy design and enforcement, Azure RBAC (including custom role design), and Entra ID Protection
    • Security & Compliance Tooling: Microsoft Sentinel, Microsoft Defender for Cloud (Defender for Containers, Defender for Servers, Defender CSPM), and Azure Policy
    • Monitoring & Observability: Azure Monitor - KQL, alert rule configuration, log-based queries, and action group integrations; familiarity with Log Analytics Workspace architecture and log ingestion patterns at scale
    • Secrets & Certificates: Azure Key Vault and Key Vault CSI Secrets Store driver for AKS
    • Storage & Recovery: Storage Accounts, Backup Vault, and Azure Site Recovery
    • Virtual Desktop: Azure Virtual Desktop (AVD)
    • Security Tooling: Rapid7 - vulnerability management and scanning (InsightVM or InsightIDR); scan configuration, reporting, and SLA tracking
    • Datadog - log management, infrastructure monitoring, and security-adjacent alerting
    • Identity, Access & Privileged Access Management: Delinea Secret Server (Thycotic) - PAM administration, privileged credential vault management, and access policy configuration
    • Conditional Access, PIM, and RBAC - policy design, enforcement, and least-privilege access models at enterprise scale
    • Microsoft Intune - device compliance enforcement as part of a Zero Trust security posture
    • Certificate Management - PKI, TLS/SSL lifecycle management, certificate inventory, and renewal processes
    • Network & Perimeter Security: Cloudflare (Enterprise) - CDN, WAF, DDoS protection, and DNS proxy configuration and management
    • Network routing and VPN - hub-and-spoke topology, route tables, ExpressRoute, and VPN Gateway
    • Cisco ASAv - virtual firewall configuration and management
    • DNS, DHCP, and Group Policy - enterprise-scale administration in hybrid environments
    • Azure DevOps (ADO) - CI/CD pipeline security, build agent management, and secure pipeline design
    • GitHub / GitLab - source control security, branch protection, secret scanning, and pipeline hardening
    • Infrastructure-as-Code (IaC): Terr

Similar jobs

Sr Cloud Security Engineer

Blue Cross and Blue Shield of NebraskaOmaha, NE· 3 wk ago
Information Technologyapply on nebraskablue.wd1.myworkdayjobs.com

Cloud Security Engineer, Sr

Old National BankEvansville, IN· 3 wk ago
Information Technology$70/hrapply on careers-oldnational.icims.com