Job Responsibilities

• Design and implement security controls across cloud and hybrid (onpremises) environments

• Build and maintain security automation using PowerShell, Python, or Infrastructure as Code (IaC)

• Configure and optimize security platforms (SIEM, EDR, DLP, CASB, vulnerability scanners)

• Implement Zero Trust principles across identity, network, and data environments

• Partner with Infrastructure, Networking, and DevOps teams to design secure solutions

• Secure Azure and AWS environments using native and thirdparty security controls

• Implement Microsoft Defender, Sentinel, Purview, and Entra ID security capabilities

• Design and enforce cloud security policies and governance frameworks

• Monitor cloud security posture and remediate misconfigurations

• Configure and maintain network security technologies (e.g., firewalls, IDS/IPS, DLP)

• Implement network segmentation and secure connectivity solutions (VPN, remote access)

• Develop SIEM detection rules, threat alerts, and automated incident response playbooks

• Perform threat hunting, vulnerability assessments, and support penetration testing

• Monitor and analyze security logs, network activity, and forensic artifacts

• Evaluate, deploy, tune, and integrate security technologies; create dashboards and documentation

Requirements

• Bachelor's Degree in Computer Information Systems, Cybersecurity, or a related field or equivalent experience.

• Minimum of 3 years of experience in cybersecurity engineering or security operations to include but not limited to the following:

• Handson implementation and administration of enterprise security tools (e.g., SIEM, EDR, DLP)

• Proven cloud security experience in Azure and/or AWS

• Experience with network security architecture and technologies (e.g., firewalls, IDS/IPS, DLP)

• Scripting or automation experience (e.g., PowerShell, Python, Bash)

Preferred Qualifications

• Microsoft Security Stack expertise (Defender, Sentinel, Purview, Entra ID)

• Experience with enterprise security platforms (e.g., Palo Alto, CrowdStrike)

• Container and Kubernetes security experience

• DevSecOps practices and CI/CD pipeline security

• Professional services or consulting background

• Infrastructure as Code tools (e.g., Terraform, ARM, CloudFormation)

• Security tool integration with ITSM or automation platforms

• Relevant certifications (e.g., CISSP, Azure Security Engineer Associate, GIAC, OSCP)

Certain states require us to disclose the pay range and benefits summary for job openings. For Colorado residents, the compensation range for this position: $95,000 - $143,800. For Washington residents, Illinois residents, New York residents, and Southern California residents, the compensation range for this position: $100,000 - $158,200. For Northern California residents, the compensation range for this position: $105,000 - $165,300. Compensation may vary based on skills, role, and location. Eligible employees at certain levels can participate in a discretionary long-term financial incentive plan, subject to plan participation rules.

Armanino has a robust offering of benefits, including: 

• Medical, dental, vision

• Generous PTO plan and paid sick time

• Flexible work arrangements

• 401K with Profit Sharing

• Wellness program

• Generous parental leave

• 11 paid holidays

For positions based in San Francisco, consistent with the SF Fair Chance Ordinance, an arrest and conviction record will not automatically disqualify a qualified applicant from consideration.

For Individuals who would be working within the City of Los Angeles, Armanino will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance