- Company Name
- Tek Tree LLC
- Job Title
- Cloud Security Engineer
- Job Description
-
**Job Title:** Cloud Security Engineer
**Role Summary:**
Design, implement, and manage security controls for Microsoft Azure and Microsoft 365 environments, ensuring compliance with enterprise policies and regulatory standards. Leverage Infrastructure as Code (IaC) and security tools to protect cloud workloads, data, and identities.
**Expectations:**
- Minimum 2 years of hands‑on experience securing public‑cloud workloads (Azure required, AWS a plus).
- Proven ability to create secure Azure architectures and enforce governance via Azure Policy and RBAC.
- Experience delivering Microsoft 365 security solutions (Exchange Online, DLP, Purview, Defender for Office 365).
- Strong attention to detail in documentation, configuration, and risk assessment.
**Key Responsibilities:**
- Design secure Azure architectures using IaC (Terraform) for landing zones, hub‑and‑spoke networks, and shared services.
- Build and maintain reusable Terraform modules incorporating Azure security best practices (VNET, NSG, Private Endpoints, Bastion, Key Vault).
- Implement Azure Policy, RBAC, Conditional Access, PIM, and MFA to enforce identity and access governance.
- Deploy and manage Microsoft Defender for Cloud, Azure Monitor, and Security Center for threat detection and incident response.
- Secure Microsoft 365 services: configure Exchange Online protection, DLP policies, Microsoft Purview, and Defender for Office 365.
- Collaborate with architects, compliance, and operations to develop security frameworks and SOPs aligned with CIS Benchmarks, NIST, ISO 27001.
- Provide risk assessments and security guidance for Azure and Microsoft 365 solutions.
**Required Skills:**
- Azure security architecture and governance (Azure Policy, RBAC, Azure AD).
- Terraform or comparable IaC tooling.
- Microsoft 365 security controls (Exchange Online, DLP, Purview, Defender for Office 365).
- Identity & access management (Conditional Access, PIM, MFA).
- Threat protection and monitoring (Defender for Cloud, Azure Monitor, Security Center).
- Knowledge of compliance frameworks (CIS, NIST, ISO 27001).
- Strong documentation and communication abilities.
**Required Education & Certifications:**
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or equivalent experience.
- Relevant certifications (e.g., Microsoft Certified: Azure Security Engineer Associate, Certified Information Systems Security Professional) are advantageous but not mandatory.