Azure Cloud Security Engineer

Azure Cloud Security Engineer to join its Risk and Security team and help build, customize, and deploy cloud security guardrails for applications migrating into Azure. The organization is well into its Azure journey and is now focused on scaling governance and security controls to support large‑scale, real‑world application migrations. This role is highly hands‑on and execution‑focused, working directly with Azure Policy, permissions, and policy‑as‑code deployments to remove security as a bottleneck to cloud adoption.

Top Skills:

(Must-Haves) Hands‑on Azure Cloud Security experience in enterprise environments Strong Azure Policy experience, including creating and customizing policies from the ground up Azure permissions and RBAC design experience (scopes, least privilege, role design) Experience deploying infrastructure or policy via CI/CD pipelines using GitLab Practical experience with policy‑as‑code or infrastructure‑as‑code tools such as EPAC, Terraform, Bicep, or ARM What You ll

Be Doing:

Build and customize Azure Policy guardrails to support secure application migrations into Azure Design and implement Azure RBAC models aligned to least‑privilege principles Deploy and manage policies at scale using EPAC or equivalent IaC and CI/CD approaches Partner with application, cloud, and security teams to translate security requirements into deployable engineering solutions Support governance, compliance, and risk initiatives across a large Azure enterprise environment Contribute hands‑on within GitLab‑based pipelines to automate and standardize policy deployment Nice to Have /

Additional Notes:

Direct experience with EPAC (Enterprise Policy as Code) is preferred, but strong Azure Policy experience with the ability to ramp quickly is acceptable Background supporting large‑scale cloud migrations Experience in financial services or other regulated industries This role is execution‑focused rather than architecture‑heavy Candidates must be local to Buffalo, NY; this role is not remote