Hanger, Inc.Remote
Cloud Security Engineer – Level V
United States
Full Time
1 hour ago
$153,986 - $192,482 USD
No H1B
Key skills
AzureCloudCyber SecurityKubernetesPythonTerraformTypeScriptGoBashPowerShellAIMLGenerative AIGitHub ActionsGitLab CIServerlessIAMAzure DevOpsEntra IDOAuthSAMLGitHubGitLabCI/CDCloud SecurityZero Trust
About this role
Role Overview
- Design, develop, and implement cloud security architecture solutions in Microsoft Azure aligned with business objectives, technical requirements, and industry frameworks (e.g., NIST CSF, CIS Benchmarks)
- Build and maintain security automation using Infrastructure as Code (IaC) tools such as Terraform, Bicep, or ARM templates to ensure consistent, repeatable, and auditable deployments
- Architect and implement cloud-native security controls including network segmentation, micro-segmentation, encryption at rest and in transit, and secrets management
- Partner with IT Infrastructure and Enterprise Architecture teams on the migration strategy for moving on-premise data centers to Microsoft Azure, ensuring environments are secure, compliant, and resilient from day one
- Evaluate and remediate security risks across hybrid and cloud-native architectures throughout the migration lifecycle
- Implement and manage Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platform (CNAPP) tooling to maintain continuous visibility and compliance
- Collaborate with development and platform engineering teams to embed security into CI/CD pipelines, including static/dynamic code analysis (SAST/DAST), container image scanning, dependency vulnerability scanning, and automated policy enforcement
- Write production-quality code and automation scripts (Python, PowerShell, Bash, or Go) to build security tooling, automate remediation workflows, and integrate security controls across cloud services
- Champion secure software development practices across engineering teams, including threat modeling, secure code review, and security architecture assessments
- Support the adoption of policy-as-code and detection-as-code practices to enforce security standards programmatically
- Lead the design, development, and implementation of a cloud-based IAM strategy, including Zero Trust principles, least-privilege enforcement, conditional access, and identity governance
- Manage and optimize identity platforms (e.g., Microsoft Entra ID), role-based access control (RBAC), privileged access management (PAM), and authentication protocols (OAuth 2.0, SAML, OIDC)
- Implement and tune cloud-native monitoring, logging, and alerting using tools such as Microsoft Sentinel or equivalent SIEM/SOAR platforms
- Develop and enforce cloud security policies, standards, and procedures, and maintain audit readiness for applicable compliance frameworks
- Stay current with emerging technologies, threat vectors, and industry trends — including AI-driven threat detection, container and serverless security, and evolving regulatory requirements
- Act as a subject matter expert, providing technical guidance and mentorship to other engineers and cross-functional team members
Requirements
- 8
- 10+ years of progressive experience in IT, cybersecurity, or cloud engineering
- 10 years of hands-on experience in Microsoft Azure security architecture and operations
- Demonstrated experience in software development or platform engineering, with working proficiency in at least two of the following: Python, PowerShell, Go, Bash, or TypeScript
- Proven track record of designing and implementing IaC-driven cloud environments using tools such as Terraform, Bicep, or ARM templates
- Hands-on experience integrating security tooling into CI/CD pipelines (e.g., GitHub Actions, Azure DevOps, GitLab CI) and working within DevSecOps workflows
- Proven success leading or significantly contributing to data center-to-cloud migration initiatives
- Success with AI/ML workload security or securing generative AI deployments
- Bachelor's degree in Computer Science, Software Engineering, Information Technology, Cybersecurity, or a related field (or equivalent professional experience)
- At least one active cloud security certification is required: CCSP, CISSP, Microsoft Certified: Cybersecurity Architect Expert (SC-100), AZ-500 (Azure Security Engineer Associate), or equivalent
- Additional certifications in cloud engineering, DevSecOps, or AI security are a strong plus (e.g., AZ-305, Terraform Associate, Certified Kubernetes Security Specialist)
Tech Stack
- Azure
- Cloud
- Cyber Security
- Kubernetes
- Python
- Terraform
- TypeScript
- Go
Benefits
- 8 Paid National Holidays & 4 additional Floating Holidays
- PTO that includes Vacation and Sick time
- Medical, Dental, and Vision Benefits
- 401k Savings and Retirement Plan
- Paid Parental Bonding Leave for New Parents
- Flexible Work Schedules and Part-time Opportunities
- Generous Employee Referral Bonus Program
- Mentorship Programs
- Mentor and Mentee
- Student Loan Repayment Assistance by Location
- Relocation Assistance
- Regional & National traveling CPO/CO/CP opportunities
- Volunteering for Local and National events such as Hanger’s BAKA Bootcamp and EmpowerFest