Senior Azure Cloud Security Engineer

The Job in short

• We are seeking a highly experienced and action-oriented Principal Cloud Security Engineer to join the Grand Central Platform team.
• This role focuses on developing and maintaining the robust security posture of platforms key to our business, including the IPaaS (Integration Platform as a Service) and the AI Agentic platform, which serve both internal employees and external financial institution customers.
• The ideal candidate possesses a strong technical and hands-on approach. You won't just identify vulnerabilities and explain risks; you will actively collaborate with the team to implement fixes.
• Our team champions the principle of security as everyone's responsibility, adhering strictly to established security standards and conventions

Meet the job

1. Platform Security Ownership:

● Own the overall security posture of the Platform.

● Act as the security representative for the team, conducting threat modeling, vulnerability

testing, risk analysis, and security assessments, and supporting incident handling.

● Mentor team members and contribute to the growth of the team's security capabilities.

● Propose and drive security initiatives, collaborating across various teams within the

company, and actively participate in the Security Guild.

2. Architecture, Design & Cloud Security Implementation (Azure Focus):

● Collaborate with architects to enforce the secure by design principle for new Platform

components.

● Design, implement, and maintain secure cloud infrastructure and controls within Azure

environments.

● Ensure compliance with relevant security standards and regulations through regular

security assessments and risk analyses.

● Implement and maintain cloud security best practices across Azure environments.

● Bring deep expertise to designing and developing architectures that enhance visibility,

detection, mitigation, and observability.

3. Threat and Risk Management:

● Conduct comprehensive risk assessments, threat modeling, and penetration testing.

● Identify vulnerabilities and recommend strategic mitigation strategies for cloud security

threats.

● Secure cloud network architectures (Networking & Security).

4. Identity, Access, and Monitoring:

● Design and enforce least privilege access and secure authentication mechanisms

(Identity & Access Management - IAM).

● Maintain security monitoring tools (SIEM, CSPM, EDR), investigate threats, and manage

security incident response.

5. DevSecOps & Automation:

● Embed security into CI/CD pipelines using DevSecOps methodologies.

● Automate security compliance checks and vulnerability assessments.

● Utilize expertise in Terraform or OpenTofu for Infrastructure as Code (IaC) security

automation.

● Collaborate with development teams to integrate security into the Secure SDLC,

promoting secure coding practices and regular security testing

How about you

● 8+ years of hands-on experience in cloud security, DevSecOps, or cloud engineering

with a dedicated security focus.

● Deep expertise in Azure cloud security architecture and services.

● Strong experience with Cloud IAM, specifically: Azure AD, RBAC, PIM, and

Conditional Access.

● In-depth knowledge of IAM, RBAC, and access policies in Azure.

● Proven experience in designing and maintaining cloud-based IaaS, PaaS, and SaaS

environments.

● Expertise in Terraform or OpenTofu for IaC security automation.

● Experience with security monitoring tools SIEM, CSPM, EDR (e.g., Azure Sentinel,

Defender for Cloud).

● Strong proficiency in scripting and automation (Python, Go, Bash).

● Solid networking knowledge, including firewalls, VPNs, VNET peering, and WAF.

● Experience in DevSecOps and embedding security into CI/CD pipelines, along with a

strong understanding of Secure SDLC.

● Familiarity with security compliance standards (e.g., NIST, CIS, ISO 27001, SOC 2).

● Familiarity with LLM/AI system vulnerabilities (e.g., prompt injection, data poisoning,

adversarial attacks).

● Demonstrated ability to identify, triage, and resolve security issues across traditional and

AI-based systems. Offensive security experience is a significant plus.