Azure Security Engineer (Remediation & DevSecOps)

We are seeking a hands-on Azure Security Engineer to focus on fixing security gaps across the Azure cloud environment. In this technical role, you will specialize in vulnerability remediation, AKS hardening, and network isolation using private connectivity and automated pipelines to strengthen our overall cloud security posture.

Responsibilities

• Resolve security recommendations within Microsoft Defender for Cloud and execute technical fixes (patching, config changes, policy deployments) to drive up the Azure Secure Score
• Harden Azure Kubernetes Service (AKS) clusters using CIS Benchmarks
• Implement Kubernetes Network Policies to restrict pod-to-pod communication
• Enforce identity security using Managed Identities, OIDC, and Entra ID integration
• Manage and remediate Kubernetes YAML manifests, ensuring Pod Security Standards (PSS) and resource limits are enforced
• Secure Azure Container Registry (ACR) by implementing Private Endpoints, disabling public access, and managing image signing via Content Trust
• Set up lifecycle policies to automatically purge vulnerable or outdated container images
• Embed security scanning (SAST/SCA) into Azure DevOps CI/CD pipelines
• Leverage Infrastructure as Code (Terraform, Bicep, or ARM) to automate the deployment of secure network patterns and NSG rules
• Manage Network Security Groups (NSGs) and ASGs using the principle of least privilege
• Deploy and manage Azure Private Links and Private Endpoints to ensure PaaS services (SQL, Storage, Key Vault, Cosmos DB) are not exposed to the public internet
• Remediate "Public Access Enabled" alerts by migrating resources to private networking backbones

Requirements

• 4+ years of experience working with the Azure Cloud Platform
• Proficiency in Microsoft Defender for Cloud, Azure WAF, and Azure Key Vault
• Expertise in Azure Pipelines and ACR Management, including embedding automated security gates (SAST/SCA/IaC Scanning) into Azure DevOps CI/CD pipelines
• Hands-on experience with AKS and ACR security
• Strong skills in PowerShell or Azure CLI for bulk remediation tasks
• Understanding of VNet Peering, NSG/UDR configuration, and Private Endpoint implementation
• Capability to write and remediate Terraform or Bicep code
• English proficiency at a B2 level to ensure effective communication and documentation

Nice to have

• Certifications: AZ-500 (Azure Security Engineer Associate), AZ-400 (Azure DevOps Engineer)
• Familiarity with Azure CLI and Azure Pipelines
• Knowledge of Bicep
• Background in Terraform