Azure Security Engineer

About Steel Patriot Partners:

Steel Patriot Partners provides comprehensive governance, risk, and compliance (GRC) solutions, ensuring organizations meet Federal and non-Federal standards. Taking an engineering-first approach, Steel Patriot Partners offers tailored services, from program management to managed security, delivering actionable results for lasting compliance.

Position: Security Engineer III

Only candidates local to Northern Virginia will be considered.

Job description:

As a Security Engineer III, you will maintain Microsoft 365 environments coupled with Azure, focusing on security and compliance. You will use internal tools and systems with our SOC team to detect, prevent, and respond to malicious activity in customers' Azure environments. You will also lead efforts to integrate security compliance best practices using Azure services to meet frameworks like FedRAMP, GovRAMP, and CMMC. As a successful candidate, you will need experience configuring Microsoft 365 and Azure services in an enterprise environment to meet compliance standards. This position is located in Reston, VA. Due to the business services of the organization's customers, applicants must be US citizens.

Schedule:

8 am to 5 pm ET (M-F) with rotating On-Call

Location:

Reston, VA

Typical Tasks:

• Manage and maintain Azure-based environments, ensuring optimal performance, security, and scalability.
• Utilize Azure Entra to manage user identities and access rights, ensuring proper security measures are in place, including Privileged Identity Management (PIM).
• Support security workflows by performing analysis (e.g., DLP, log file reviews)
• Handle Azure management tasks, troubleshooting issues, and optimizing configurations.
• Implement key security and management concepts such as multi-factor authentication, conditional access, mobile device management, and mobile application management.
• Analyze security tools (e.g., Microsoft Sentinel, Splunk, Microsoft Defender for Cloud, Azure Information Protection) to ensure they align with policies and procedures and are correctly configured (ex., Microsoft Secure Score, Purview, etc).
• Utilize Azure Resource Manager to implement and maintain a hands-off approach to change control.
• Support and assistance through ticketing and support solutions, promptly addressing user inquiries and technical issues.
• Monitor and manage systems remotely, utilizing remote monitoring and management solutions to ensure system health and performance.
• Support incident response and security operations by coordinating with the client's service providers and the client during investigations.
• Ensure all cloud logs are onboarded to SIEM tool and the correct events are logged.
• Assist the engineering team with deploying, configuring, and maintaining Azure cloud-based tools, technologies, applications, and solutions.
• Analyze proposed changes to security controls as part of a change control process.

Requirements:

• 4 years of direct experience in Azure environments, with Azure Entra, Azure Resource Manager, and deployment administration experience.
• Microsoft Certified: Azure Solutions Architect Expert (AZ-305), or equivalent certifications (e.g., AZ-104, AZ-400)
• Exceptional written and verbal communication skills with a demonstrated strong work ethic, analytical skills, integrity, and humility.
• Ability to quickly learn, understand, and evaluate current and new tools.
• Ability to work independently with substantial latitude for action and decision while focusing on achieving desired outcomes as part of a collaborative development effort.
• Architect, design, deploy, and manage Azure Government (IaaS, SaaS, PaaS) services and solutions with hands-on experience deploying and maintaining Azure Government tenants.
• Skilled in using Azure Monitor, Log Analytics, and Application Insights for proactive monitoring and troubleshooting
• Hands-on experience with security services such as Microsoft Defender for Cloud, Key Vault, and Azure Sentinel.
• Ability to design, deploy, and maintain Azure Virtual Desktop (AVD), including session host management, user profile configurations, and performance optimization
• Proficient in Infrastructure as Code (IaC) using ARM Templates, Bicep, or Terraform, with strong scripting skills (PowerShell, Azure CLI)
• A working knowledge of the various operating systems (e.g., Windows, OS X, Linux, etc.) commonly deployed in enterprise networks, an understanding of Windows Active Directory is also required, and a working knowledge of network communications and routing protocols (e.g. TCP, UDP, ICMP, BGP, MPLS, etc.) and typical internet applications and standards (e.g. SMTP, DNS, DHCP, SQL, HTTP, HTTPS, etc.).
• Deep understanding of core Azure services: Virtual Machines, Storage Accounts, Virtual Networks, Load Balancers, and Azure Entra
• Proficiency in advanced networking components (Azure Firewall, ExpressRoute, VPN Gateway, Private Link) and governance tools (Azure Policy, Blueprints, management groups)
• Ability to support coverage requirements for various shifts during holidays and weekends when required.

Recommended Skills:

• Proficient knowledge of IT technologies, including operating systems, networking, virtualization, and cloud, complemented by a deep understanding of IT/information security governance frameworks such as HITRUST, FedRAMP, ISO27001, NIST, CIS, CSF, HIPAA, PCI, COBIT, ITIL, and more.
• Familiarity with CI/CD pipelines (Azure DevOps or GitHub Actions), automated testing, and containerization technologies (Docker, AKS)
• Familiarity with regulatory frameworks (NIST SP 800-53, CMMC, FedRAMP, ISO 27001) and experience implementing compliance controls

Citizenship Clearance Requirement:

Applicants selected will be subject to a background investigation and must meet eligibility requirements - US CITIZENSHIP.

Benefits:

• Dental insurance
• Health insurance
• Paid time off
• Vision insurance

Compensation Package:

• Bonus opportunities

Schedule:

• Holidays
• Monday to Friday
• On call

Work Location: In person