Cloud Security Engineer

• Lead the deployment, configuration, and ongoing management of Microsoft Defender for Cloud, including secure score improvement, regulatory compliance mapping, and workload protection.
• Implement and manage Azure and M365 security tools, including Defender for Cloud, Microsoft Sentinel, Entra ID (Azure AD), Intune, Purview, and Conditional Access.
• Monitor, analyze, and respond to security alerts from Defender for Cloud, MDR vendors, and EDR platforms; perform investigation and root cause analysis.
• Configure and manage cloud security posture management (CSPM) and cloud workload protection (CWPP) capabilities within Defender for Cloud.
• Implement and maintain network security controls, including firewalls, VPNs, NSGs, WAFs, and Azure network segmentation.
• Manage identity and access governance across Azure AD and M365 using RBAC, MFA, and least-privilege principles.
• Conduct vulnerability assessments using Defender for Cloud recommendations and oversee remediation tracking.
• Perform security and compliance reviews across Azure and cloud workloads, ensuring alignment with Defender for Cloud regulatory standards (e.g., HIPAA, NIST).
• Maintain security documentation (data flow diagrams, network diagrams, runbooks) and support tabletop exercises.
• Participate in incident response and disaster recovery testing; ensure RTO/RPO objectives are met.
• Collaborate with IT and compliance teams to align with HIPAA, NIST, and SOC 2 standards.
• Stay current with emerging threats and continuously optimize Defender for Cloud configurations and security posture.

Required Skills & Experience:

• 35+ years of experience in security engineering, cloud security, or infrastructure security roles.
• Minimum 2+ years of hands-on experience with Microsoft Defender for Cloud (required).
• Strong expertise in Defender for Cloud, including CSPM, CWPP, secure score management, and regulatory compliance features.
• Hands-on experience securing Microsoft Azure environments and integrating security services across M365.
• Strong working knowledge of Microsoft Sentinel, Entra ID (Azure AD), Intune, Purview, and Conditional Access.
• Experience implementing and managing cloud and network security controls, including NSGs, WAFs, firewalls, and segmentation.
• Practical experience with identity and access management, including RBAC, MFA, and least-privilege principles in hybrid environments.
• Experience with security monitoring, incident response, and collaboration with MDR/EDR providers.
• Experience leveraging Defender for Cloud recommendations for vulnerability management and remediation tracking.
• Familiarity with regulatory frameworks such as HIPAA, NIST, and SOC 2 in regulated environments.
• Ability to work cross-functionally and communicate security risks effectively to both technical and non-technical stakeholders.
• akbar.shah@sysgain.com
• 9154220598