Cloud Security Engineer
We are working with a leading global technology organisation that is seeking an experienced Cloud Security Engineer to join their Infrastructure Security Architecture team.
This is a fantastic opportunity to work in a large-scale, enterprise cloud environment, acting as the subject matter expert across Microsoft Azure security. You will partner with engineering and security stakeholders, helping to design, deliver, and oversee security initiatives, ensuring the environment remains compliant, secure, and scalable.
Responsibilities:
* Act as a specialist within Azure and Azure security, supporting both platform engineering and security functions.
* Manage and review Azure Policy direction, including policy definitions, initiatives, assignments, and exemptions.
* Assess and approve policy exemptions at the environment or global scale.
* Provide subject matter expertise on security-related change initiatives and centralised controls.
* Partner with cloud engineering and infrastructure teams to advise on security deliverables and assess upcoming changes.
* Support security incident response where Azure-specific expertise is required.
* Define, measure, and report on Azure security compliance metrics.
* Document centralised constructs, modules, and artefacts, producing materials that can be used across engineering teams.
Qualifications & Experience:
* Experience in a senior Azure architecture or engineering role.
* Strong expertise in Microsoft Azure security best practices and governance.
* Proficiency with Azure CLI, PowerShell, or Azure Graph REST API.
* Hands-on experience with Azure Policy (including exemptions, initiatives, and compliance reporting).
* Familiarity with Entra ID, conditional access, and identity hardening.
* Experience with Microsoft Defender for Cloud, including best practices and automation of controls.
* Strong knowledge of Role-Based Access Control, logging (DCR, Diagnostic Settings), and KQL queries.
* Experience with CSPM and CWP solutions for identifying and remediating risks.
* Exposure to containerisation security (Kubernetes, Docker, ACR, AKS, Key Vault, Azure Storage).
* Familiarity with SIEM tools such as Microsoft Sentinel (reviewing alerts, tuning connectors, threat detection).
* Understanding of compliance frameworks (MCSB, NIST, CIS, ISO 27001, PCI-DSS).
If you're passionate about securing large-scale cloud platforms and enjoy working across engineering and security teams, we'd love to hear from you