Azure Security DevSecOps Engineer

Job Title: Azure Security DevSecOps Engineer – Entra ID Expert

Location: Remote only on w2

We are seeking a highly skilled Azure Security DevSecOps Engineer with deep expertise in Microsoft Entra ID (formerly Azure AD) to join our cloud platform engineering team. This role is pivotal in embedding security across the software development lifecycle, ensuring robust identity and access management, and aligning with enterprise-grade security frameworks.

• Secure Azure Infrastructure: Design, implement, and maintain secure Azure cloud environments using DevSecOps principles and Infrastructure as Code (IaC) via Terraform.
• Identity & Access Management: Architect and manage Entra ID configurations including RBAC, Conditional Access, MFA (hard/soft tokens), SSPR, and Service Principal setups.
• Security Posture Management: Leverage Wiz for vulnerability scanning, compliance monitoring, and cloud security posture management.
• Code Security & Quality: Integrate SonarQube for static code analysis and enforce clean-code practices aligned with ISO/IEC 5055 and OWASP standards.
• CI/CD Integration: Embed security into CI/CD pipelines using tools like GitHub Actions, Azure DevOps, and Sonar scanner CLI.
• Network Security: Secure Azure networking components including NSGs, Azure Firewall, VPNs, and DDoS protection.
• Security Frameworks Compliance: Implement and enforce NIST, CIS, ISO 27001, and Zero Trust principles across cloud workloads.
• Threat Modeling & Risk Analysis: Conduct assessments for Azure-based applications and infrastructure, and respond to incidents using Azure Security Center and Sentinel.
• Automation & Governance: Automate security workflows and contribute to centralized governance initiatives like the SHIELD program.
• Collaboration: Work cross-functionally with development, operations, and cybersecurity teams to drive secure-by-design and shift-left strategies.

• Experience 10 years in cloud security or DevSecOps roles, with 3 years focused on Azure.
• Entra ID Expertise: Proven experience with advanced Entra ID configurations, including custom policies in Azure B2C and third-party identity provider integrations.
• Wiz: Hands-on experience with Wiz for cloud security monitoring and compliance.
• Terraform: Strong proficiency in writing and managing IaC for Azure.
• SonarQube: Practical knowledge of SonarQube for code quality and security scanning.
• Scripting: Proficiency in PowerShell and Python for automation and integration.
• Security Frameworks: Familiarity with NIST, CIS, ISO 27001, OWASP, and PCI-DSS.
• Azure Services: Deep knowledge of Azure Security Center, Key Vault, Sentinel, and Azure Monitor.

• Certifications: Microsoft Certified: Azure Security Engineer Associate, Certified DevSecOps Professional, or equivalent.
• Tools: Experience with Checkmarx, Snyk, Qualys, and container security platforms (e.g., Aqua, Prisma Cloud).
• Container Security: Familiarity with Docker, Kubernetes, and related Azure services.
• Governance: Experience contributing to centralized DevSecOps governance programs like SHIELD.