Senior Azure Cloud Security Engineer

We have direct client (Oil/Gas domain company) located near Arlington, Virginia that is currently looking to fill an open full-time (PERM) Azure Cloud Security Engineer position.
This role will require 100% onsite support .

The budgeted salary cap in place for this role falls at $180,000. (plus 10% bonus & 100% healthcare & relocation package).

Position: Senior Azure Cloud Security Engineer
Location: Arlington, VA

This role requires expert-level, hands-on experience in the Microsoft security ecosystem coupled with deep proficiency in best-of-breed third-party tools like CrowdStrike, Splunk, and Tenable.

Responsibilities

• Design and maintain complex conditional access policies incorporating device compliance, location, and risk-based signals.
• Implement Privileged Identity Management (PIM) to enforce just-in-time (JIT) and just-enough-administration (JEA) for high-impact roles.
• Conduct regular access reviews and manage identity lifecycles for employees, contractors, guests, and service accounts.
• Configure MDM and MAM policies, including device enrollment restrictions, compliance baselines, and configuration profiles for Windows, macOS, iOS, and Android.
• Oversee patching deployments and automate OS/Application patching cycles to maintain a low vulnerability footprint.
• Build and tune sensitivity labels for automatic data classification across SharePoint, Teams, and Exchange.
• Develop Data Loss Prevention (DLP) policies to prevent unauthorized data exfiltration.
• Manage the full suite (Endpoint, Office 365, Identity, and Cloud) to investigate and remediate sophisticated threats.

Qualifications

• 7+ years of professional experience relevant experience supporting enterprise cloud and/or infrastructure environments.
• Deep knowledge & hands on experience in core components of the Microsoft security and management ecosystem designed for a Zero Trust Approach. Specifically on Azure Entra, Intune and Purview (DLP, eDiscovery, Information Protection, Insider Risk Management) and Azure Conditional Access Policies for automated guardrails.
• Advanced proficiency in PowerShell or Python for automating security tasks and incident response playbooks.
• Expertise in using Proofpoint Targeted Attack Protection (TAP) and Threat Response Auto-Pull (TRAP) to stop phishing and malware.
• Experience managing the full user lifecycle (joiner, mover, leaver) and automating provisioning / deprovisioning using SailPoint.
• Experience with JAMF Pro and JAMF Protect for securing Apple endpoints within an enterprise Azure environment.
• Bachelor's degree in Cybersecurity, Computer Science, or Information Systems.
• Microsoft Certified Azure Security Engineer Associate (AZ-500) (Preferred)
• SC-100 (Cybersecurity Architect) or CISSP (Highly Preferred)

Once again, this is a 100% fully onsite position. Please forward qualified candidate for review and don't hesitate advising if any questions.