Key responsibilities include: Implementing, designing, and managing security architecture for Azure Government and Commercial deployments. Configuring and optimising Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Defender for Endpoint, and related services for threat detection, vulnerability management, and automated response. Designing and enforcing identity & access management using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policies, RBAC, and just-in-time access. Securing network architectures with Azure Firewall, Network Security Groups (NSGs), DDoS Protection, Web Application Firewall (WAF), Network Watcher, and private endpoints. Protecting data at rest and in transit via Azure Key Vault, encryption strategies, data classification, and information protection controls. Developing and maintaining security policies, initiatives, and blueprints using Azure Policy and Microsoft Purview for compliance (NIST, FedRAMP, CMMC, STIGs, etc.). Performing threat hunting, incident response, and forensics using Sentinel playbooks, Log Analytics, and KQL queries. Conducting security reviews of Infrastructure as Code (IaC), containers, Kubernetes (AKS), and serverless workloads. Collaborating with developers and architects to implement DevSecOps practices, including secure CI/CD pipelines, code scanning, and secure defaults. Monitoring and remediating security findings, reducing attack surface, and improving overall security posture per the Microsoft Cloud Security Benchmark (MCSB). Deploying configurations and compliance policies to Azure AVD endpoints using Intune and other Azure native services.

Basic qualifications include: Active U.S. security clearance (e.g., Secret, Top Secret) or eligibility to obtain one. 3+ years of experience in cloud security, cybersecurity engineering, or related roles (with strong Azure focus). Deep hands-on expertise with core Azure security services: Microsoft Defender suite, Sentinel, Intune, Entra ID, Key Vault, Azure Policy, Firewall, Network Watcher, and Purview. Strong understanding of DLP implementation both in cloud and on endpoints utilising Purview and other Microsoft native controls. Experience implementing security in hybrid/multi-cloud environments. Proficiency in scripting/automation (PowerShell, Azure CLI, Bicep/ARM templates, Terraform). Strong understanding of identity federation, zero-trust principles, encryption, network security, and vulnerability management. Familiarity with compliance frameworks (NIST, FedRAMP, CMMC, STIGs, etc.) and regulatory requirements. Excellent problem-solving, analytical, and communication skills. Strong verbal and written communication skills and the ability to stay composed under pressure.

Preferred skills and experience include: Microsoft Certified: Azure Security Engineer Associate (AZ-500), Microsoft Cybersecurity Architect (SC-100). Additional relevant certifications (e.g., CISSP, CCSP, Microsoft Certified: Azure Administrator, AWS Security Specialty, SANS GCPS, SANS GCAD). Deep experience with detection and response engineering and SOC operations. Knowledge of container security (Docker, AKS), secure DevOps, or AI/ML workload protection. Prior experience in government regulations frameworks such as FedRAMP and CMMC.

XML job scraping automation by YubHub

Security Software Engineers help us ship secure products end-to-end—covering enterprise security, cloud/infrastructure, and protections embedded directly in our products. You’ll build the tools and features that safeguard our platform and editor and protect our customers.

You may be a fit if

You are a strong software engineer first, with security as your superpower. You think like both a builder and an attacker: you anticipate vulnerabilities before they become issues. You care about developer experience, building solutions that are secure and frictionless. You’re comfortable moving quickly, owning problems end to end, and iterating with limited guidance. You have experience building or scaling secure systems in fast-moving environments. You have strong opinions on secure defaults, but can balance pragmatism with rigor. You enjoy working on small, high-talent teams where impact is magnified. You’re motivated by protecting developers and users, and you see security as an enabler.

Sample projects include

Build AI augmented code review to get involved in important systems at the right time. Build a least-privilege and JIT system for cloud access that enables engineers _and_ enforces least privileges. Implement a safe environment for agents to engage with code. Implement a framework for securely handling agent manipulation of user systems (e.g., MCP tool calls and command execution). Implement a paved road for preventing inappropriate data from being logged

XML job scraping automation by YubHub