Cloud Security Engineer

Job Title: Cloud Security Engineer

Reports To: Director of Cybersecurity & Compliance

FLSA Status: Exempt

Location: Shared Services Office, Irving, TX

Summary:

The Cloud Security Engineer is responsible for protecting the organization’s cloud environment by designing, implementing, and maintaining security controls across Microsoft Azure, Microsoft 365 (M365), and Dynamics 365 (D365). This role focuses on cloud security posture management, cloud workload protection, identity and access management, and data protection within Azure and Microsoft cloud services. The engineer will harden cloud configurations, apply zero-trust principles, secure cloud-native workloads and SaaS applications, and partner with IT, DevOps, and Compliance teams to ensure that cloud operations remain resilient, scalable, and aligned with regulatory requirements.

Essential Duties and Responsibilities:

• Design, configure, and maintain security controls across Microsoft Azure, including IaaS, PaaS, and SaaS workloads, ensuring secure deployments and continuous posture management.
• Configure and maintain security across all Azure resources (e.g., virtual machines, virtual networks, storage accounts, Azure Key Vault, App Services, Azure SQL), while continuously improving cloud security baselines and configurations.
• Apply zero-trust principles to cloud workloads and SaaS applications, including micro-segmentation, least-privilege access, and continuous verification across Azure, M365, and D365.
• Deploy and manage Microsoft Defender for Cloud and Microsoft Defender XDR to monitor cloud security posture, detect misconfigurations, and remediate vulnerabilities across multi-cloud and hybrid environments.
• Conduct gap analyses against relevant cloud security standards (e.g., NIST, CIS Benchmarks for Azure/M365, SOC 2, PCI-DSS) and recommend remediations.
• Maintain records of audit findings and track resolutions to ensure ongoing cloud compliance.
• Develop and maintain cloud security standard operating procedures (SOPs), reference architectures, and best practices.
• Collaborate with cross-functional teams (Infrastructure & Operations, DevOps, Compliance) to disseminate guidance on secure cloud development, infrastructure-as-code (IaC), and operational activities, ensuring that new or updated cloud systems adhere to security best practices.
• Create and update knowledge base articles, runbooks, and incident response playbooks to standardize and streamline cloud security procedures.
• Oversee the security configurations within M365 and D365, including data loss prevention (DLP), Microsoft Purview information protection, conditional access, threat protection (Defender for Office 365, Defender for Cloud Apps), and update the cloud security roadmap as needed.
• Deploy and tune cloud-native protections including Azure Web Application Firewall (WAF), Azure Front Door, Azure DDoS Protection, and advanced threat analytics in coordination with internal teams and external vendors, and guide them through production rollout.
• Develop and maintain incident response protocols for cloud environments to ensure timely identification, containment of threats, and implementation of preventive measures.
• Configure and manage cloud security monitoring tools such as Microsoft Defender for Cloud, Microsoft Sentinel, Rapid7, and other SIEM/SOAR platforms to detect anomalies, suspicious activity, and potential attacks across Azure, M365, and D365.
• Evaluate and secure containerized workloads (e.g., Azure Kubernetes Service), serverless functions, and DevSecOps pipelines, embedding security into CI/CD processes.
• Provide guidance and expertise in cloud architecture reviews, cloud security risk assessments, and the formulation of cloud security strategies.
• Perform other duties and responsibilities as assigned.

Competencies

• Analytical mindset with the ability to solve complex problems under pressure.
• Collaborative approach and ability to work across teams, advocating for security best practices.
• Detail-oriented, with a strong commitment to maintaining the highest levels of data privacy and compliance.

Required Education/Experience:

• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience).
• A minimum of 5+ years’ experience in cloud security, preferably with Microsoft Azure and the broader Microsoft cloud ecosystem (M365/D365).

Preferred Education/Experience:

• Azure Security Engineer Associate (AZ-500)
• Microsoft Cybersecurity Architect Expert (SC-100)
• Microsoft Identity and Access Administrator (SC-300)
• CISSP, CCSP, or CISM
• GCLD, GCSA, or GCIH
• Strong, hands-on knowledge of Microsoft Azure security services, including Microsoft Defender for Cloud, Microsoft Sentinel, Azure Key Vault, Azure Policy, Azure Firewall, and Network Security Groups (NSGs).
• Strong knowledge of Microsoft Entra ID (formerly Azure AD), Conditional Access, Privileged Identity Management (PIM), and identity governance.
• Experience with cloud security posture management (CSPM), cloud workload protection (CWPP), and cloud-native application protection platform (CNAPP) tools, as well as enterprise SIEM platforms.
• Proficiency in securing M365 and D365, including MFA, role-based access control, data loss prevention (DLP), and Microsoft Purview information protection.
• Familiarity with authentication and authorization protocols (OAuth, OIDC, SAML), identity federation, zero-trust architecture principles, and TLS/PKI.
• Working knowledge of infrastructure-as-code (Terraform, Bicep, ARM templates), DevSecOps practices, and securing CI/CD pipelines.
• Excellent communication (written and verbal) for drafting SOPs, technical documentation, and stakeholder presentations.
• Must be proficient in the Microsoft Office Suite, including Outlook, Excel, PowerPoint, and Word.

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. The workplace is in a corporate office environment and the temperature in the work environment is usually moderate. The position’s primary office is the Shared Services, Irving, TX office; however, telework or work at home, on the road, or in a satellite location for portions of the workweek may occur, depending upon project needs and requirements in coordination with your direct supervisor and/or most senior leader of your department.

Physical Demands:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to use hands to operate the computer keyboard and telephone, reach with hands and arms. The employee frequently is required to stand, walk, and sit. The employee is occasionally required to climb or balance and stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception, and ability to adjust focus.

Meriton is an Equal Opportunity Employer