This role is responsible for designing and implementing secure automation pipelines, enforcing least-privilege and Zero Trust access controls, and managing enterprise identity governance to meet both organisational and regulatory compliance requirements.

In addition to strong Entra ID expertise, the ideal candidate will bring hands-on experience with GCP pipeline deployment, infrastructure-as-code (IaC), and custom agent development to enhance cloud security observability, policy enforcement, and workload protection across cloud environments.

Responsibilities:

• Design and integrate security tooling into CI/CD pipelines using GitHub Actions and GCP Cloud Build to ensure automated code scanning, dependency security, secrets scanning, and policy enforcement.

• Develop secure, automated pipelines on the GCP platform, enabling continuous compliance validation, vulnerability scanning, and policy-as-code deployment for cloud workloads and containerised environments.

• Implement and manage emerging Microsoft Entra ID security controls, also including Conditional Access, Identity Protection, Privileged Identity Management (PIM), Identity Governance, and adaptive MFA policies across enterprise workloads.

• Leverage emerging Entra technologies such as Entra Agent ID, Entra Workload ID, Identity Governance lifecycle workflows, and Zero-Trust deployments,to strengthen identity protection, automate governance, and modernise access strategies.

• Continuously evaluate new features in Microsoft Entra ID and GCP IAM, providing architectural recommendations and integrating relevant capabilities into enterprise DevSecOps workflows.

• Automate identity and security configuration using scripting and IaC tools such as Terraform, Ansible and ARM templates, with multi-cloud pipeline support for Azure and GCP.

• Build and maintain custom security agents and automation workflows to enhance identity telemetry, enforce real-time access policies, and standardise cloud security controls across environments.

• Conduct regular reviews of roles, permissions, service principals, workload identities, and application registration security, ensuring least-privilege access and Zero Trust alignment.

• Collaborate with engineering teams to perform secure code reviews, threat modelling, vulnerability assessments, and provide remediation guidance during development and deployment cycles.

• Develop dashboards, reports, and automation for identity compliance, audit readiness, and IAM security posture using tools like Azure Monitor, GCP Looker, Sentinel, and BigQuery.

Qualifications:

• Strong technical, troubleshooting, and strategical skills to build emerging technology solutions at scale.

• 3–6+ years of experience in DevOps, SecOps, or Cloud Security Engineering roles.

• Strong hands-on experience with Microsoft Entra ID (AuthN Protocols, Conditional Access, PIM, Identity Protection, Graph API and automation).

• Lead GCP cloud deployments and build scalable, secure automation pipelines, leveraging Cloud Build, Cloud Deploy, Artifact Registry, and GCP-native IaC to support continuous delivery, compliance automation, and multi-cloud DevSecOps workflows.

• Experience with IaC: Terraform, Bicep, or ARM templates.

• Knowledge of container security, Kubernetes, and cloud-native security patterns.

• Solid understanding of Zero Trust principles, IAM, and identity lifecycle management.

• Familiarity with vulnerability management tools and SAST/DAST integrations (42Crunch, CheckmarX and FOSSA)

• Microsoft Azure certifications (e.g., AZ-500, SC-300, AZ-104, AZ-305) are a strong plus.

XML job scraping automation by YubHub

Responsibilities: Implement, design, and manage security architecture for Azure Government and Commercial deployments (with considerations for DoD IL5\IL6 and FedRAMP High controls) Configure and optimize Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Defender for Endpoint, and related services for threat detection, vulnerability management, and automated response Design and enforce identity & access management using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policies, RBAC, and just-in-time access Secure network architectures with Azure Firewall, Network Security Groups (NSGs), DDoS Protection, Web Application Firewall (WAF), Network Watcher, and private endpoints Protect data at rest and in transit via Azure Key Vault, encryption strategies, data classification, and information protection controls Develop and maintain security policies, initiatives, and blueprints using Azure Policy and Microsoft Purview for compliance (NIST, FedRAMP, CMMC, STIGs, etc.) Perform threat hunting, incident response, and forensics using Sentinel playbooks, Log Analytics, and KQL queries Conduct security reviews of Infrastructure as Code (IaC), containers, Kubernetes (AKS), and serverless workloads Collaborate with developers and architects to implement DevSecOps practices, including secure CI/CD pipelines, code scanning, and secure defaults Monitor and remediate security findings, reduce attack surface, and improve overall security posture per the Microsoft Cloud Security Benchmark (MCSB) Deploy configurations and compliance policies to Azure AVD endpoints using Intune and other Azure native services.

Basic Qualifications: Active U.S. security clearance (e.g., Secret, Top Secret) or eligibility to obtain one. 3+ years of experience in cloud security, cybersecurity engineering, or related roles (with strong Azure focus). Deep hands-on expertise with core Azure security services: Microsoft Defender suite, Sentinel, Intune, Entra ID, Key Vault, Azure Policy, Firewall, Network Watcher, and Purview. Strong understanding of DLP implementation both in cloud and on endpoints utilizing Purview and other Microsoft native controls. Experience implementing security in hybrid/multi-cloud environments. Proficiency in scripting/automation (PowerShell, Azure CLI, Bicep/ARM templates, Terraform). Strong understanding of identity federation, zero-trust principles, encryption, network security, and vulnerability management. Familiarity with compliance frameworks (NIST, FedRAMP, CMMC, STIGs, etc.) and regulatory requirements. Excellent problem-solving, analytical, and communication skills. Strong verbal and written communication skills and the ability to stay composed under pressure.

Preferred Skills and Experience: Microsoft Certified: Azure Security Engineer Associate (AZ-500), Microsoft Cybersecurity Architect (SC-100). Additional relevant certifications (e.g., CISSP, CCSP, Microsoft Certified: Azure Administrator, AWS Security Specialty, SANS GCPS, SANS GCAD). Deep experience with detection and response engineering and SOC operations. Knowledge of container security (Docker, AKS), secure DevOps, or AI/ML workload protection. Prior experience in government regulations frameworks such as FedRAMP and CMMC.

ITAR Requirements: To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.

Compensation and Benefits: $180,000 - $440,000 USD. Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

XML job scraping automation by YubHub