SonicJobs Logo
Left arrow iconBack to search

Sr. Cloud Security Engineer (Remote)

Inspira Financial
Posted 2 days ago, valid for 16 days
Location

Oak Brook, IL, US

Salary

Competitive

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

info
  • The Sr. Cloud Security Engineer (Sr. CSE) is responsible for hands-on remediation of cloud and infrastructure vulnerabilities, ensuring compliance with established security policies and Minimum-Security Baselines (MSBs).
  • Candidates should have over 10 years of experience in cloud engineering, infrastructure, or security engineering, along with a Bachelor's Degree in a related field or equivalent experience.
  • This role involves collaborating with various teams to define and maintain cloud security policies, actively participating in audits, and producing compliance reports for leadership.
  • The position offers a salary range of $120,000 to $150,000, depending on experience and qualifications.
  • Additional qualifications include familiarity with compliance frameworks like NIST and HIPAA, and technical certifications such as AZ-500 or SC-100 are preferred.

The Sr. Cloud Security Engineer (Sr. CSE) is a hybrid cloud and security engineering role responsible for the hands-on remediation of infrastructure and cloud vulnerabilities, ensuring cloud and infrastructure resources maintain compliance with established policies and Minimum-Security Baselines (MSBs), and reporting the organization's current compliance posture. The Sr. CSE will partner with the Security team to define, author, and maintain cloud security policies - keeping pace with evolving industry trends and regulatory requirements. This role will also actively participate in audit activities, including evidence gathering, reporting, and cross-functional collaboration with Compliance, Legal, and IT teams. 

 

Duties & Responsibilities: 

Vulnerability Remediation & Security Operations 

  • Perform hands-on remediation of infrastructure and cloud vulnerabilities, driving issues to closure within established SLAs and policy requirements 
  • Operate and administer vulnerability management and cloud security posture management (CSPM/DSPM) tooling - managing scan coverage, remediating findings, and reporting on SLA adherence 
  • Identify, prioritize, and remediate cloud misconfigurations and security posture gaps across the organization's Azure subscriptions and infrastructure 
  • Implement and validate security controls across cloud-native services, IaaS, PaaS, and container-based workloads 
  • Maintain and enforce secure configurations across firewalls, network security components, application delivery infrastructure, and compute platforms in partnership with the Security Team 
  • When needed, assist with privileged credential hygiene, certificate lifecycle, and secrets governance across the environment 
  • Support the hardening of Windows and Linux server environments through configuration management and compliance-as-code practices 
  • Maintain awareness of known and emerging vulnerabilities across the full technology stack - cloud services, OS platforms, network components, and application runtimes 

 

 

Compliance, Policy & Reporting 

 

  • Monitor and report the organization's compliance posture against established security policies, baselines, and regulatory frameworks 
  • Partner with the Security team to define, author, and maintain cloud and infrastructure security policies - keeping pace with evolving industry trends and regulatory requirements 
  • Review and update existing policies on a regular cadence to reflect changes in the cloud environment and threat landscape 
  • Produce accuratetimely compliance posture reports for leadership - covering baseline adherence, vulnerability SLA performance, and remediation progress 
  • Coordinate and assist in evidence collection and audit maintenance for internal and external organizational assessments, including regulatory audits and third-party risk reviews 
  • Respond to findings from audits, security questionnaires, and internal/external scanning or penetration testing 

 

CI/CD Pipeline & Infrastructure Security 

 

  • Partner with Software Engineering and App Security  teams to embed security into CI/CD pipelines and deployment workflows - including secret scanning, least-privilege deployment identities, and secrets management integration 
  • Review and advise on Infrastructure-as-Code (IaC) implementations from a security perspective, ensuring patterns align with security baselines and organizational standards 
  • Support secure configuration management across server and cloud environments 
  • Ensure PKI and certificate management practices are maintained across the environment - including TLS/SSL lifecycle, renewal processes, and certificate inventory 

 

Technical Leadership & Mentorship 

 

  • Serve as an informal technical leader and security subject matter expert across Cloud Engineering, Platform Engineering, and adjacent teams 
  • Mentor engineers on security best practices, secure design patterns, and compliance requirements - elevating security competency across the department without direct people management responsibilities 
  • Contribute to architecture and design reviews, providing a security lens on cloud platform decisions in partnership with the Cloud Architect 

 

Cross-Team Collaboration 

 

  • Cloud Engineering & Platform Engineering - consult on secure architecture, container platform hardening, network segmentation, and pipeline security practices 
  • Identity & Access Management (IAM) - partner on identity governance, privileged access management, and access control policy enforcement 
  • Incident Response / Vulnerability Management - collaborate with the Security Detection & Response team on vulnerability prioritization, SLA tracking, remediation coordination, and incident response activities 
  • Audits & Assessments - provide technical support for evidence gathering, compliance posture reporting, and audit response 
  • Application Development Teams - consult on security requirements for cloud-native application platforms, ensuring developer environments are built securely from the ground up 

 

Additional Requirements:

As part of the evaluation process, candidates who progress beyond the initial screening will be required to complete a formal technical assessment to validate coding proficiency and technical competency.

Qualifications

Education & Experience 

  • 10+ years of experience in cloud engineering, infrastructure, or security engineering - with demonstrated hands-on security work, not just advisory 
  • Bachelor's Degree in Computer Science, Software/Computing Engineering, Information Security, or related field - or equivalent experience 
  • Technical certifications preferred: AZ-500, SC-100, SC-200, AZ-104, or equivalent cloud/security certifications 
  • Experience working in regulated industries (Financial Services, Insurance, or Health-Tech preferred) 
  • Familiarity with compliance frameworks: NIST, HIPAA, PCI and Minimum Security Baselines (MSBs) 

 

Skills & Abilities 

Hands-on experience or significant exposure to the following services and concepts: 

Cloud Platform - Azure 

  • Networking & Security: Virtual Networks (VNETs) and peering, NSGs, UDRs, Private Endpoints, Azure Firewall, Application Gateways (including WAF OWASP ruleset configuration, Detection vs. Prevention mode), ExpressRoute, VPN Gateways, and Azure Bastion 
  • Compute & Containers: Virtual Machines, VM Scale Sets, AKS (Kubernetes), and Container App Environments including cluster hardening, network policy enforcement, workload identity, and Azure Policy for Kubernetes 
  • Identity & Access: Active Directory (on-prem, hybrid Entra Connect sync), Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policy design and enforcement, Azure RBAC (including custom role design), and Entra ID Protection 
  • Security & Compliance Tooling: Microsoft Sentinel, Microsoft Defender for Cloud (Defender for Containers, Defender for Servers, Defender CSPM), and Azure Policy 
  • Monitoring & Observability: Azure Monitor KQL, alert rule configuration, log-based queries, and action group integrations; familiarity with Log Analytics Workspace architecture and log ingestion patterns at scale 
  • Secrets & Certificates: Azure Key Vault and Key Vault CSI Secrets Store driver for AKS 
  • Storage & Recovery: Storage Accounts, Backup Vault, and Azure Site Recovery 
  • Virtual Desktop: Azure Virtual Desktop (AVD) 

 

Security Tooling 

  • Rapid7 vulnerability management and scanning (InsightVM or InsightIDR); scan configuration, reporting, and SLA tracking 
  • Wiz and/or Orca Security CSPM/DSPM platform experience; cloud misconfiguration identification, prioritization, and remediation workflows 
  • Microsoft Sentinel SIEM administration, analytics rule management, and data connector configuration; familiarity with security log feeds from edge and email security platforms preferred 
  • Microsoft Defender for Cloud Defender plans (Servers, Containers, CSPM), agentless scanning, and security recommendation management 
  • Datadog log management, infrastructure monitoring, and security-adjacent alerting 
  • Identity, Access & Privileged Access Management 
  • Delinea Secret Server (Thycotic) PAM administration, privileged credential vault management, and access policy configuration 
  • Active Directory + Entra ID hybrid identity, Entra Connect sync, group policy (GPO), DNS, and DHCP administration 
  • Conditional Access, PIM, and RBAC policy design, enforcement, and least-privilege access models at enterprise scale 
  • Microsoft Intune device compliance enforcement as part of a Zero Trust security posture 
  • Certificate Management PKI, TLS/SSL lifecycle management, certificate inventory, and renewal processes 

 

Network & Perimeter Security 

  • Cloudflare (Enterprise) CDN, WAF, DDoS protection, and DNS proxy configuration and management 
  • Network routing and VPN hub-and-spoke topology, route tables, ExpressRoute, and VPN Gateway 
  • Cisco ASAv virtual firewall configuration and management 
  • DNS, DHCP, and Group Policy enterprise-scale administration in hybrid environments 
  • DevOps, IaC & Pipeline Security 
  • Azure DevOps (ADO) CI/CD pipeline security, build agent management, and secure pipeline design 
  • GitHub / GitLab source control security, branch protection, secret scanning, and pipeline hardening 
  • Infrastructure-as-Code (IaCTerraform, ARM templates, or Bicep with a security-first approach to cloud deployments 
  • CHEF configuration management and compliance-as-code for server fleet hardening and baseline enforcement 
  • Endpoint & Server Platforms 
  • Windows Server administration, hardening, security baseline enforcement, and Group Policy management 
  • Linux Server administration, hardening, and security baseline enforcement across enterprise server fleets 
  • Microsoft 365 Suite Exchange, SharePoint, Teams, and Intune security configuration and administration 

 

Frameworks & Compliance 

  • Familiarity with NIST, HIPAA, and organizational Minimum Security Baselines (MSBs) 
  • Understanding of Zero Trust architecture principles and how they apply across identity, network, and workload security 
  • Familiarity with PCI-DSS scoped environment security requirements preferred 
  • Experience operating in regulated industries (Financial Services, Insurance, or Health-Tech)  

 

Experience with or exposure to the following developer runtimes and technologies is a plus, as this role will consult on security posture within environments built on: 

  • ASP.NET, .NET, Java (JBoss / Hibernate / JMS), gRPC, Redis, SQL Server 



Learn more about this Employer on their Career Site

Apply now in a few quick clicks

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.