Senior IT Cloud Security Engineer

Migrate

Key Responsibilities

• Cloud Security Architecture & Governance
• Act as a multi-cloud security architect with a primary focus on AWS and secondary focus on Azure.
• Design and implement secure cloud architectures that align with organizational standards and regulatory requirements.
• Manage and harden cloud environments using AWS services (EC2, S3, RDS, IAM, VPC, CloudFormation, Route 53, CloudWatch) and Azure services (VMs, Storage, Networking, Azure AD, Synapse).
• Apply Zero Trust principles across all cloud layers, enforcing segmentation, least privilege, and secure access policies.
• Conduct regular cloud security posture reviews and audits, ensuring adherence to frameworks such as ISO 27001, NIST, CIS, and SCA.

Microsoft & Identity Security Management

• Administer and secure Microsoft 365, Exchange, Active Directory, and Windows Server OS environments.
• Ensure effective management of domain services, identity synchronization, and group policies.
• Implement Conditional Access, MFA, and Privileged Access Management (PAM) controls to protect user and administrative identities.
• Integrate and maintain identity federation between cloud and on-prem systems for unified authentication.

Infrastructure Operations & BAU Security

• Oversee infrastructure BAU operations including backups, patching, monitoring, and capacity management.
• Lead SecOps activities including endpoint patching, vulnerability remediation, and system hardening.
• Manage both Windows and Linux operating systems, ensuring compliance with hardening benchmarks.
• Collaborate with the NOC team to ensure continuous monitoring, incident response, and SLA compliance.
• Maintain and secure limited on-prem infrastructure, including firewalls, switches, and IP telephony systems.

Automation, DevSecOps & Infrastructure as Code (IaC)

• Implement and manage CI/CD pipelines using Azure DevOps (preferred), AWS CodePipeline, and GitHub Actions.
• Apply Infrastructure as Code (IaC) principles using Terraform, CloudFormation, ARM, Bicep, and Ansible to automate provisioning and enforce secure configurations.
• Integrate security scanning (SAST, DAST, dependency checks) into development and deployment pipelines.
• Deploy and manage container platforms (Amazon EKS, Azure AKS) with secure baselineconfigurations.

Security Operations (SOC) & Incident Management

• Oversee SOCoperations, ensuring effective monitoring, alert triage, and incident response.
• UtilizeSIEM/SOAR tools (Azure Sentinel, Splunk, AWS Security Hub) for centralized visibility and automation.
• Lead the incident response lifecycle detection, containment, investigation, remediation, and lessons learned.
• Conduct root cause analysis for major incidents and ensure continuous improvement of detection rules.
• Coordinate with cross-functional teams for vulnerability remediation and threat intelligence sharing.

Risk Management, Compliance & Resilience

• Conduct vulnerability assessments, penetration testing, and compliance reviews across systems and networks.
• Define risk treatment plans and ensure timely mitigation of identified risks.
• Maintain documentation for all cloud security controls, policies, and configurations.
• Implement and validate Disaster Recovery (DR) and Business Continuity strategies across AWSand Azure.
• Drive continuous security improvement through automation, governance, and training.