US LBM

Cybersecurity Engineer, DevSecOps, Cloud Security

US LBM

full-time

Posted on:

Origin:  • 🇺🇸 United States

Visit company website
AI Apply
Manual Apply

Job Level

Mid-LevelSenior

Tech Stack

AzureCloudCyber SecurityPythonSQLTerraform

About the role

  • Serve as the subject matter expert for Microsoft Sentinel (SIEM & SOAR), including rule creation, playbook development, and integration with other security tools.
  • Manage and optimize Microsoft Defender for Cloud and Azure Policy to maintain and enhance Azure security posture.
  • Design and implement SOAR automation workflows using Azure Logic Apps.
  • Build and optimize Kusto Query Language (KQL) queries for detection, threat hunting, reporting, and automation.
  • Integrate security controls into DevSecOps pipelines, focusing on Azure DevOps, Terraform, and other CI/CD platforms.
  • Implement and maintain application security scanning using Black Duck or similar DAST/SCA tools.
  • Developing, implementing, and maintaining IAM systems and solutions
  • Troubleshooting, identifying, and resolving technical IAM related issues
  • Ensuring that solutions protect information resources against unauthorized use, inappropriate degrees of access, disclosure, damage and/or loss
  • Identifying, analyzing and resolving system design weaknesses
  • Build, implement and support enterprise-class security systems
  • Align organizational security strategy and infrastructure with overall business and technology strategy
  • Identify and communicate current and emerging security threats
  • Implement and maintain security infrastructure elements to mitigate threats as they emerge
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
  • Create solutions that balance business requirements with information and cybersecurity requirements
  • Validates IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
  • Conducts or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application
  • Test security systems to ensure they behave as expected
  • Use current programming language and technologies to writes code, complete programming and performs testing and debugging of applications
  • Define, implement and maintain corporate security policies and procedures
  • Respond immediately to security-related incidents and provide thorough remedial solutions and analysis
  • Regularly communicate vital information, security needs and priorities to upper management

Requirements

  • 3-4 years IT security experience
  • 5-7 years IT systems engineering experience, with broad understanding of Windows Domain environment, networking, and some Cloud experience, particularly Microsoft Azure
  • Microsoft Cloud Security Solutions: Microsoft Sentinel (SIEM & SOAR), Microsoft Defender for Cloud, Azure Policy
  • DevSecOps / CI/CD Tools: Azure DevOps, Terraform, pipeline integration for secure deployments
  • Application Security Tools: Black Duck or equivalent SAST/DAST/SCA tools (e.g., Checkmarx, Veracode)
  • Automation & Scripting: Azure Logic Apps, PowerShell, Python, ARM templates, Bicep
  • Cloud & Infrastructure: Microsoft Azure resources — Virtual Machines, Storage Accounts, Logic Apps, Automation Accounts, SQL, App Services
  • Strong security frameworks and concepts: Zero Trust model, NIST Cybersecurity Framework, and Microsoft Cloud Security Benchmark
  • Risk, business impact, control and vulnerability assessments; defining treatment strategies; able to lead security initiatives
  • Excellent written and verbal communication skills; ability to collaborate across teams
  • Travel required to various operating locations
  • Industry certifications related to Security, Systems and Network Engineering, such as Network +, Security +, CCNA, Microsoft Certified Azure Security Engineer Associate (AZ-500)
  • Education: Bachelor’s degree in Information Systems or equivalent experience