Published 11 hours ago
We are seeking a highly skilled and experienced Senior Azure Security Engineer. The ideal candidate will be responsible for ensuring the security and integrity of an Azure-based infrastructure. This role involves remediating vulnerabilities, fixing misconfigurations, and enhancing security across various Azure services and platforms. The Senior Azure Security Engineer will work closely with cross-functional teams to implement security best practices and ensure compliance with industry standards.
Key Responsibilities:
OS-Level and VM Configuration Security:
· Remediate OS-level and VM-configuration vulnerabilities on Windows servers.
· Manage and secure Windows Server environments (2016–2022) through patching, Group Policy Objects (GPO), TLS hardening, and Desired State Configuration (DSC).
· Address Wiz VM vulnerability and misconfiguration findings.
· Utilize Microsoft SCCM for patch management and automation.
· Implement PowerShell automation at scale for efficient security management.
· Tighten Network Security Groups (NSG) and firewalls, and ensure disk encryption (ADE/SSE-CMK) and endpoint protection.
Azure PaaS Security:
· Fix misconfigurations across Azure App Services, SQL, Storage, Key Vault, and other PaaS offerings.
· Implement Azure PaaS security controls, including TLS, managed identity, private endpoints, firewall rules, and AAD-only authentication.
· Map Wiz CSPM findings to Azure resource properties and address them effectively.
· Author Azure Policies, including custom definitions and remediation tasks.
· Utilize C# to add security guardrails to deployment tools.
· Integrate security checks into Azure DevOps Pipelines using Wiz CLI and policy-as-code.
Container and AKS Security:
· Remediate container image CVEs, AKS cluster misconfigurations, and runtime posture gaps.
· Administer AKS clusters, including upgrades, private cluster configurations, and authorized IP ranges.
· Apply Linux fundamentals to manage AKS nodes.
· Conduct Wiz container scanning to identify and address image CVEs and KSPM issues.
· Integrate Wiz CLI and Admission Controller into Azure DevOps Pipelines.
· Remediate Dockerfile issues, including base image pinning and multi-stage builds.
· Harden Kubernetes environments with Pod Security Standards, NetworkPolicies, RBAC, and the Key Vault CSI driver.
· Perform ACR registry scanning and Helm chart security reviews.
Requirements:
· Proven experience as an Azure Security Engineer or in a similar role.
· Strong expertise in Windows Server security and configuration management.
· Proficiency in Microsoft SCCM, PowerShell, and Azure DevOps.
· Experience with Azure PaaS security controls and policy authoring.
· Proficiency in C# for security tool development.
· Solid understanding of AKS administration and Linux fundamentals.
· Experience with container security, including Docker and Kubernetes.
· Familiarity with Wiz security tools and integration into DevOps pipelines.
· Strong analytical and problem-solving skills.
· Excellent communication and collaboration abilities.