Senior IT Cloud Security Engineer

Role purpose:

To design, implement, and manage the organization’s end-to-end security posture across AWS and Azure cloud environments, endpoints, data, communications, and systems. The role ensures Zero Trust principles are applied across all layers identity, access, data, and infrastructure and leads SecOps and SOC operations to protect against cyber threats, ensure compliance, and maintain operational resilience.

Key responsibilities:

Cloud Security Architecture & Governance

• Act as a multi-cloud security architect with a primary focus on AWS and secondary focus on Azure.

• Design and implement secure cloud architectures that align with organizational standards and regulatory requirements.

• Manage and harden cloud environments using AWS services (EC2, S3, RDS, IAM, VPC, CloudFormation, Route 53, CloudWatch) and Azure services (VMs, Storage, Networking, Azure AD, Synapse).

• Apply Zero Trust principles across all cloud layers, enforcing segmentation, least privilege, and secure access policies.

• Conduct regular cloud security posture reviews and audits, ensuring adherence to frameworks such as ISO 27001, NIST, CIS, and SCA.

Microsoft & Identity Security Management

• Administer and secure Microsoft 365, Exchange, Active Directory, and Windows Server OS environments.

• Ensure effective management of domain services, identity synchronization, and group policies.

• Implement Conditional Access, MFA, and Privileged Access Management (PAM) controls to protect user and administrative identities.

• Integrate and maintain identity federation between cloud and on-prem systems for unified authentication.

Infrastructure Operations & BAU Security

• Oversee infrastructure BAU operations including backups, patching, monitoring, and capacity management.

• Lead SecOps activities including endpoint patching, vulnerability remediation, and system hardening.

• Manage both Windows and Linux operating systems, ensuring compliance with hardening benchmarks.

• Collaborate with the NOC team to ensure continuous monitoring, incident response, and SLA compliance.

• Maintain and secure limited on-prem infrastructure, including firewalls, switches, and IP telephony systems.

Automation, DevSecOps & Infrastructure as Code (IaC)

• Implement and manage CI/CD pipelines using Azure DevOps (preferred), AWS CodePipeline, and GitHub Actions.

• Apply Infrastructure as Code (IaC) principles using Terraform, CloudFormation, ARM, Bicep, and Ansible to automate provisioning and enforce secure configurations.

• Integrate security scanning (SAST, DAST, dependency checks) into development and deployment pipelines.

• Deploy and manage container platforms (Amazon EKS, Azure AKS) with secure baseline configurations.

Security Operations (SOC) & Incident Management

• Oversee SOC operations, ensuring effective monitoring, alert triage, and incident response.

• Utilize SIEM/SOAR tools (Azure Sentinel, Splunk, AWS Security Hub) for centralized visibility and automation.

• Lead the incident response lifecycle—detection, containment, investigation, remediation, and lessons learned.

• Conduct root cause analysis for major incidents and ensure continuous improvement of detection rules.

• Coordinate with cross-functional teams for vulnerability remediation and threat intelligence sharing.

Risk Management, Compliance & Resilience

• Conduct vulnerability assessments, penetration testing, and compliance reviews across systems and networks.

• Define risk treatment plans and ensure timely mitigation of identified risks.

• Maintain documentation for all cloud security controls, policies, and configurations.

• Implement and validate Disaster Recovery (DR) and Business Continuity strategies across AWS and Azure.

• Drive continuous security improvement through automation, governance, and training.

Required qualifications & experience:

· Bachelor’s degree in Computer Science, Information Security, or related field (Master’s preferred).

· 10+ years of IT and security experience, with at least 5 years in multi-cloud (AWS and Azure) security.

· Proven track record designing and managing cloud and hybrid security architectures.

· Experience implementing Zero Trust frameworks and securing cloud infrastructure and endpoints.

· Hands-on expertise with IAM, EDR, DLP, encryption, and vulnerability management tools.

· Experience managing SOC/SecOps and supporting compliance with ISO 27001, NIST, and SCA standards.

· Certifications:

o CISSP or CCSP (required)

o AWS Certified Security – Specialty (preferred)

o Microsoft Certified: Cybersecurity Architect Expert or Azure Security Engineer Associate (preferred)

o ISO 27001 Lead Implementer or Zero Trust Certified Architect (advantage)

o ITIL Foundation (preferred)

Skills & competencies:

· Cloud security architecture (AWS & Azure).

· Identity and access management (IAM, PAM, MFA, Conditional Access).

· Infrastructure as Code (Terraform, CloudFormation, ARM, Bicep, Ansible).

· SOC and SecOps operations management.

· Endpoint and vulnerability management (EDR, patching, DLP).

· DevSecOps and CI/CD integration (Azure DevOps preferred).

· Networking, firewalls, VPN, and hybrid connectivity security.

· Compliance with ISO 27001, NIST, and SCA frameworks.

· Disaster Recovery and business resilience planning.

· Strong analytical and problem-solving mindset.

· Effective communication with technical and non-technical stakeholders.

· High attention to detail and accountability.

· Collaborative and team-oriented approach.

· Continuous learning and adaptability to evolving threats and technologies.