Job Description
Title: Lead Azure Cloud Security Engineer
Location: Remote
Duration: 12-24 months
Responsibilities:
* Azure engineers are responsible for researching, designing and engineering authentication solutions, including controls and policies relating to authentication and authorization.
* Azure implementation
* Lead and execute the design and implementation of cloud security architectures for Azure and Google Cloud environments.
* Collaborate with cross-functional teams to ensure secure, scalable, and reliable infrastructure deployment in the cloud.
* Lead efforts around Identity and Access Management (IAM) solutions, including integration with Active Directory, MFA, and PIM.
* Provide hands-on expertise with Terraform to automate cloud security and infrastructure processes.
* Support the data center exit by advising on and leading secure migration efforts of workloads to the public cloud.
* Work closely with senior architects to shape and deliver security strategies aligned with business objectives.
* Mentor and guide less experienced team members, acting as a “player-coach” to ensure successful project execution.
Azure
Basic knowledge of Azure/Entra ID; PowerShell for integrating Cloud Kerberos trust and troubleshooting authentication issues. NOT just someone who has been through a Microsoft training – need critical thinking skills – questioning everything with a security hat on. Consult with partner teams like messaging teams for Exchange or Teams, or Channel Secure who handles SSO; assist with getting Entra ID accounts available in the sync or flowing attributes.
Log analytics with Kusto – setting up analytics to adhere to controls for regulatory work.
Key skills:
* Terraform – the environment is very different from that of other companies – need to create custom modules in Terraform.
* Need heavy IAM & Security experience.
Equivalent ideas in Azure
- Understand the concept of principals instead of service accounts
- Azure Sync would be ideal
- Issue is we get all DevOps people when we put Terraform. They are good at writing resources into the cloud – which is a plus, but we need more IAM focus.
- Ansible/Chef/Playbook or Pulumi could be an acceptable substitute for Terraform. Candidates would have to understand where the state is held and the difference between declarative and imperative infrastructure management.
• Terraform development experience with a focus on Identity and Access Management (IAM).
• Deep knowledge of Azure Cloud Security, including securing environments and integrating IAM solutions like Active Directory, MFA, and PIM.
• Strong automation skills using tools like Terraform/GoLang, PowerShell, and MS Graph API.