HHS - Sr. Azure Security Engineer

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
• Minimum 7 years of cybersecurity experience, with at least 4 years focused on Azure cloud security.
• Strong experience securing Azure IaaS, PaaS, and SaaS environments.
• Hands-on experience with Azure security services including Defender for Cloud, Azure Firewall, Azure WAF, Azure Sentinel, and Azure AD.
• Experience supporting FedRAMP and FISMA-compliant cloud environments.
• In-depth knowledge of NIST SP 800-53, 800-37, 800-137, and related federal guidance.
• Experience integrating cloud logs and telemetry into SIEM platforms.
• Experience with Infrastructure as Code tools such as ARM, Bicep, or Terraform.
• Ability to effectively communicate technical concepts to both technical and non-technical stakeholders.
• Microsoft Certified: Azure Security Engineer Associate or Microsoft Certified: Azure Solutions Architect Expert
• Active CISSP, CCSP, or equivalent cloud security certification, GIAC Cloud Security Automation (GCSA) or similar

Responsibilities

• Serve as the Subject Matter Expert (SME) for Azure cloud security architecture, implementation, and operations.
• Design, implement, and maintain secure Azure IaaS, PaaS, and SaaS environments in compliance with NIST SP 800-53, NIST SP 800-37, FedRAMP, and HHS/HRSA security requirements.
• Administer and maintain Cloud Security Posture Management (CSPM) solutions to identify misconfigurations, vulnerabilities, and compliance gaps in Azure environments.
• Implement and manage Azure security controls including Azure Active Directory, RBAC, Conditional Access, Network Security Groups, Azure Firewall, Azure WAF, encryption, and key management.
• Support FedRAMP and agency ATO processes by validating inherited controls, reviewing FedRAMP documentation, and supporting continuous monitoring activities.
• Integrate Azure-native logging and monitoring services (e.g., Azure Monitor, Defender for Cloud) with HRSA’s SIEM.
• Implement runtime security for cloud workloads including virtual machines, containers, and serverless functions.
• Develop and maintain Infrastructure as Code (IaC) solutions with embedded security controls and automated validation.
• Support CI/CD pipeline security by integrating automated security testing tools including SAST, DAST, and IaC scanning.
• Design and maintain Zero Trust cloud security architectures in alignment with OMB M-22-09.
• Provide security guidance for cloud migrations, application onboarding, and modernization efforts.
• Respond to cloud-related security incidents and support incident response, forensic analysis, and remediation.
• Maintain SLAs for cloud security support requests and provide regular status reporting.
• Develop and maintain documentation including architecture diagrams, SOPs, and security baselines.