Rosemallow Technologies - Cyber Security Engineer (5-7 yrs)

Job Description :

We are looking for an experienced Cybersecurity Engineer with 5+ years of experience, including a minimum of 3 years working in an Azure cloud environment, to join our team.

The ideal candidate will have expertise in designing, implementing, and maintaining cloud security solutions to protect our infrastructure, applications, and data.

As part of the cybersecurity team, you will work to ensure the confidentiality, integrity, and availability of our systems and data within Microsoft Azure.

You will be responsible for leveraging a range of Azure security tools, maintaining best practices, and ensuring the organization is protected from emerging security threats.

Key Responsibilities :

- Lead and implement security solutions in the Azure cloud environment using tools such as Azure Security Center, Azure Sentinel, Azure AD, and Key Vault.

- Configure, monitor, and optimize Azure Security Center and Microsoft Defender for Cloud to ensure the highest level of security.

- Implement and enforce identity and access management (IAM) policies using Azure Active Directory (Azure AD), ensuring secure user authentication, authorization, and access control.

- Use SIEM (Security Information and Event Management) tools like Azure Sentinel to monitor and respond to security events, conducting proactive threat hunting and incident response.

- Investigate security breaches and potential threats, providing detailed incident reports and recommending corrective actions.

- Conduct vulnerability assessments and coordinate with other teams to address and resolve security issues.

- Work closely with cloud-native security tools like Azure Sentinel, Microsoft Defender for Identity, and Azure Key Vault to ensure seamless encryption and secure key management.

- Collaborate with DevOps and development teams to embed security practices into the CI/CD pipeline (DevSecOps) within Azure DevOps, securing applications from development through deployment.

- Review and analyze cloud logs, vulnerabilities, and risk factors to implement appropriate remediation measures in the Azure cloud environment.

- Ensure the security architecture complies with established security frameworks and standards such as NIST, CIS, SOC 2, GDPR, and ISO 27001.

- Conduct risk assessments and ensure compliance with industry regulations and internal policies, maintaining comprehensive documentation for audits and assessments.

- Implement controls to meet organizational compliance goals while ensuring data privacy and security.

- Automate security tasks and monitoring using tools such as PowerShell, Azure CLI, or Terraform for Infrastructure as Code (IaC).

- Create and maintain automation scripts to enforce security policies, automate response actions, and integrate security measures into Azure environments.

- Secure containerized applications and microservices deployed on Azure Kubernetes Service (AKS).

- Implement best practices to secure Docker containers and ensure security in AKS environments, including image scanning, vulnerability management, and runtime protection.

- Collaborate with IT teams, development teams, and security architects to define and implement security policies, protocols, and standards.

- Participate in regular security audits and ensure that all security policies are enforced and maintained across the organization's Azure environment.

- Provide cybersecurity training and guidance to employees to foster a security-aware culture within the organization.

- 5+ years of experience in cybersecurity, with at least 3 years of experience working within an Azure cloud environment.

- Expertise in Azure cloud security services, including Azure Security Center, Azure Sentinel, Azure AD, and Azure Key Vault.

- Hands-on experience in managing cloud security policies, configuring role-based access control (RBAC), and enforcing encryption techniques across Azure resources

- Proficiency in using SIEM tools such as Azure Sentinel to monitor, analyze, and respond to security incidents.

- Experience with cloud security best practices, including encryption, identity management, vulnerability scanning, and incident response.

- Strong knowledge of security frameworks and standards such as NIST, CIS, SOC 2, GDPR, and ISO 27001.

- Proficient with scripting and automation tools like PowerShell, Azure CLI, and Terraform for automating security tasks and cloud infrastructure.

- Familiarity with container security in Azure Kubernetes Service (AKS) and microservices environments