Job Description
Senior Cloud Security Engineer

Location: Warren NJ (Hybrid 3 days onsite)

Our client is hiring a Senior Cloud Security Engineer to serve as the dedicated owner of cloud security remediation and hardening across our environment. Our organization already has an established security team that identifies risks and issues recommendations. This role does not sit on that team. Instead, you are the engineer who turns those recommendations into durable, well-architected fixes and, just as importantly, makes sure the same findings don't come back.

This is a hands-on engineering role, not an advisory one. Success means a measurably more secure environment, a shrinking backlog of recurring findings, and security controls that are enforced by design rather than by manual effort or one-off patches.

What You'll Do

Remediation & recurrence prevention (the core of this role)
- Own the full lifecycle of security findings and recommendations, whether they come from the security team, Microsoft Defender for Cloud, or other tooling, through triage, remediation, verification, and closure.
- Root-cause recurring issues and implement systemic fixes (policy-as-code, automated guardrails, secure baselines) so the same findings don't reappear quarter after quarter.
- Track remediation SLAs and report on risk reduction and posture trends over time.

Identity & authentication
- Secure and govern modern authentication flows across the estate: OIDC, OAuth 2.0 with PKCE, JWT validation and handling, and mTLS.
- Administer and harden Microsoft Entra ID (Azure Entra): app registrations and Enterprise Application permissions, consent governance, service principals and managed identities, credential and secret hygiene, and least-privilege scoping.
- Design, implement, and continuously tune Conditional Access policies.

Cloud security engineering & governance
- Build and enforce guardrails using Azure Policy and Terraform; maintain secure-by-default infrastructure-as-code baselines and detect/remediate configuration drift.
- Operate Microsoft Defender for Cloud: drive secure-score improvement, remediate recommendations, and manage cloud security posture (CSPM).
- Contribute to security governance: standards, control definitions, exception handling, and audit evidence.

Admin portal & privileged access security
- Secure all cloud and SaaS administrative portals: Azure and other admin consoles (e.g., Microsoft 365 admin, identity providers, and any additional cloud platforms in use).
- Strengthen privileged access: MFA enforcement, Privileged Identity Management (PIM) / just-in-time elevation, role minimization, and break-glass procedures.

AI security
- Apply security controls to AI workloads, services, and AI agents: agent and workload identities, tool and permission scoping, data-exposure and prompt-injection risk, and emerging AI security best practices.

What You Bring (Required)
- 5+ years in cloud security or security engineering, with deep, hands-on Azure experience.
- Strong, hands-on Microsoft Entra ID expertise: app registrations, Enterprise Apps, permissions and consent, and Conditional Access.
- Solid working knowledge of modern authentication: OIDC, OAuth 2.0 / PKCE, JWT, and mTLS.
- Proficiency with Terraform and Azure Policy for policy-as-code and automated guardrails.
- Experience with Microsoft Defender for Cloud and cloud security posture management.
- A demonstrable track record of root-causing and permanently closing security findings, not just patching them.
- Working understanding of AI, AI agents, and AI security considerations.

Nice to Have
- Multi-cloud exposure (AWS, Google Cloud Platform).
- Relevant certifications (e.g., Microsoft SC-100, AZ-500, SC-300; CISSP).
- Experience with CI/CD pipeline security, secrets management, and SIEM/SOAR.
- Scripting/automation (PowerShell, Python).
- Hands-on experience securing LLM-based or agentic systems in production.