Sr. Cloud Security Engineer (Remote)

Inspira Financial

$120K — $150K *
US-AnywhereRemote in Oak Brook, IL
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years in cloud engineering, infrastructure, or security engineering with hands-on security experience.
  • Bachelor's Degree in Computer Science, Software Engineering, Information Security, or equivalent experience.
  • Preferred technical certifications: AZ-500, SC-100, SC-200, AZ-104, or equivalent.
  • Experience in regulated industries like Financial Services, Insurance, or Health-Tech.
  • Familiarity with compliance frameworks: NIST, HIPAA, PCI, and Minimum Security Baselines.

Responsibilities

  • Perform hands-on remediation of cloud vulnerabilities and maintain compliance with policies.
  • Administer vulnerability management and CSPM tooling, focusing on scan coverage and reporting.
  • Identify and remediate security misconfigurations in Azure environments.
  • Implement security controls across cloud services and validate them effectively.
  • Maintain secure configurations across firewalls and network security components in collaboration with the Security Team.
  • Assist with credential hygiene, certificate management, and secrets governance when necessary.
  • Support server environment hardening using compliance-as-code practices.

Benefits

  • Flexible hybrid work environment.
  • Opportunities for professional development and certification.
  • Collaborative cross-team culture promoting continuous learning.
  • Involvement in industry-leading security practices.
  • Strong focus on work-life balance.
Full Job Description
The Sr. Cloud Security Engineer (Sr. CSE) is a hybrid cloud and security engineering role responsible for the hands-on remediation of infrastructure and cloud vulnerabilities, ensuring cloud and infrastructure resources maintain compliance with established policies and Minimum-Security Baselines (MSBs), and reporting the organization's current compliance posture. The Sr. CSE will partner with the Security team to define, author, and maintain cloud security policies - keeping pace with evolving industry trends and regulatory requirements. This role will also actively participate in audit activities, including evidence gathering, reporting, and cross-functional collaboration with Compliance, Legal, and IT teams.

Duties & Responsibilities:

Vulnerability Remediation & Security Operations
  • Perform hands-on remediation of infrastructure and cloud vulnerabilities, driving issues to closure within established SLAs and policy requirements
  • Operate and administer vulnerability management and cloud security posture management (CSPM/DSPM) tooling - managing scan coverage, remediating findings, and reporting on SLA adherence
  • Identify, prioritize, and remediate cloud misconfigurations and security posture gaps across the organization's Azure subscriptions and infrastructure
  • Implement and validate security controls across cloud-native services, IaaS, PaaS, and container-based workloads
  • Maintain and enforce secure configurations across firewalls, network security components, application delivery infrastructure, and compute platforms in partnership with the Security Team
  • When needed, assist with privileged credential hygiene, certificate lifecycle, and secrets governance across the environment
  • Support the hardening of Windows and Linux server environments through configuration management and compliance-as-code practices
  • Maintain awareness of known and emerging vulnerabilities across the full technology stack - cloud services, OS platforms, network components, and application runtimes


Compliance, Policy & Reporting

  • Monitor and report the organization's compliance posture against established security policies, baselines, and regulatory frameworks
  • Partner with the Security team to define, author, and maintain cloud and infrastructure security policies - keeping pace with evolving industry trends and regulatory requirements
  • Review and update existing policies on a regular cadence to reflect changes in the cloud environment and threat landscape
  • Produce accurate, timely compliance posture reports for leadership - covering baseline adherence, vulnerability SLA performance, and remediation progress
  • Coordinate and assist in evidence collection and audit maintenance for internal and external organizational assessments, including regulatory audits and third-party risk reviews
  • Respond to findings from audits, security questionnaires, and internal/external scanning or penetration testing


CI/CD Pipeline & Infrastructure Security

  • Partner with Software Engineering and App Security teams to embed security into CI/CD pipelines and deployment workflows - including secret scanning, least-privilege deployment identities, and secrets management integration
  • Review and advise on Infrastructure-as-Code (IaC) implementations from a security perspective, ensuring patterns align with security baselines and organizational standards
  • Support secure configuration management across server and cloud environments
  • Ensure PKI and certificate management practices are maintained across the environment - including TLS/SSL lifecycle, renewal processes, and certificate inventory


Technical Leadership & Mentorship

  • Serve as an informal technical leader and security subject matter expert across Cloud Engineering, Platform Engineering, and adjacent teams
  • Mentor engineers on security best practices, secure design patterns, and compliance requirements - elevating security competency across the department without direct people management responsibilities
  • Contribute to architecture and design reviews, providing a security lens on cloud platform decisions in partnership with the Cloud Architect


Cross-Team Collaboration

  • Cloud Engineering & Platform Engineering - consult on secure architecture, container platform hardening, network segmentation, and pipeline security practices
  • Identity & Access Management (IAM) - partner on identity governance, privileged access management, and access control policy enforcement
  • Incident Response / Vulnerability Management - collaborate with the Security Detection & Response team on vulnerability prioritization, SLA tracking, remediation coordination, and incident response activities
  • Audits & Assessments - provide technical support for evidence gathering, compliance posture reporting, and audit response
  • Application Development Teams - consult on security requirements for cloud-native application platforms, ensuring developer environments are built securely from the ground up


Additional Requirements:

As part of the evaluation process, candidates who progress beyond the initial screening will be required to complete a formal technical assessment to validate coding proficiency and technical competency.

Education & Experience
  • 10+ years of experience in cloud engineering, infrastructure, or security engineering - with demonstrated hands-on security work, not just advisory
  • Bachelor's Degree in Computer Science, Software/Computing Engineering, Information Security, or related field - or equivalent experience
  • Technical certifications preferred: AZ-500, SC-100, SC-200, AZ-104, or equivalent cloud/security certifications
  • Experience working in regulated industries (Financial Services, Insurance, or Health-Tech preferred)
  • Familiarity with compliance frameworks: NIST, HIPAA, PCI and Minimum Security Baselines (MSBs)


Skills & Abilities

Hands-on experience or significant exposure to the following services and concepts:

Cloud Platform - Azure
  • Networking & Security: Virtual Networks (VNETs) and peering, NSGs, UDRs, Private Endpoints, Azure Firewall, Application Gateways (including WAF - OWASP ruleset configuration, Detection vs. Prevention mode), ExpressRoute, VPN Gateways, and Azure Bastion
  • Compute & Containers: Virtual Machines, VM Scale Sets, AKS (Kubernetes), and Container App Environments - including cluster hardening, network policy enforcement, workload identity, and Azure Policy for Kubernetes
  • Identity & Access: Active Directory (on-prem, hybrid Entra Connect sync), Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policy design and enforcement, Azure RBAC (including custom role design), and Entra ID Protection
  • Security & Compliance Tooling: Microsoft Sentinel, Microsoft Defender for Cloud (Defender for Containers, Defender for Servers, Defender CSPM), and Azure Policy
  • Monitoring & Observability: Azure Monitor - KQL, alert rule configuration, log-based queries, and action group integrations; familiarity with Log Analytics Workspace architecture and log ingestion patterns at scale
  • Secrets & Certificates: Azure Key Vault and Key Vault CSI Secrets Store driver for AKS
  • Storage & Recovery: Storage Accounts, Backup Vault, and Azure Site Recovery
  • Virtual Desktop: Azure Virtual Desktop (AVD)


Security Tooling
  • Rapid7 - vulnerability management and scanning (InsightVM or InsightIDR); scan configuration, reporting, and SLA tracking
  • Wiz and/or Orca Security - CSPM/DSPM platform experience; cloud misconfiguration identification, prioritization, and remediation workflows
  • Microsoft Sentinel - SIEM administration, analytics rule management, and data connector configuration; familiarity with security log feeds from edge and email security platforms preferred
  • Microsoft Defender for Cloud - Defender plans (Servers, Containers, CSPM), agentless scanning, and security recommendation management
  • Datadog - log management, infrastructure monitoring, and security-adjacent alerting
  • Identity, Access & Privileged Access Management
  • Delinea Secret Server (Thycotic) - PAM administration, privileged credential vault management, and access policy configuration
  • Active Directory + Entra ID - hybrid identity, Entra Connect sync, group policy (GPO), DNS, and DHCP administration
  • Conditional Access, PIM, and RBAC - policy design, enforcement, and least-privilege access models at enterprise scale
  • Microsoft Intune - device compliance enforcement as part of a Zero Trust security posture
  • Certificate Management - PKI, TLS/SSL lifecycle management, certificate inventory, and renewal processes


Network & Perimeter Security
  • Cloudflare (Enterprise) - CDN, WAF, DDoS protection, and DNS proxy configuration and management
  • Network routing and VPN - hub-and-spoke topology, route tables, ExpressRoute, and VPN Gateway
  • Cisco ASAv - virtual firewall configuration and management
  • DNS, DHCP, and Group Policy - enterprise-scale administration in hybrid environments
  • DevOps, IaC & Pipeline Security
  • Azure DevOps (ADO) - CI/CD pipeline security, build agent management, and secure pipeline design
  • GitHub / GitLab - source control security, branch protection, secret scanning, and pipeline hardening
  • Infrastructure-as-Code (IaC) - Terraform, ARM templates, or Bicep - with a security-first approach to cloud deployments
  • CHEF - configuration management and compliance-as-code for server fleet hardening and baseline enforcement
  • Endpoint & Server Platforms
  • Windows Server - administration, hardening, security baseline enforcement, and Group Policy management
  • Linux Server - administration, hardening, and security baseline enforcement across enterprise server fleets
  • Microsoft 365 Suite - Exchange, SharePoint, Teams, and Intune - security configuration and administration


Frameworks & Compliance
  • Familiarity with NIST, HIPAA, and organizational Minimum Security Baselines (MSBs)
  • Understanding of Zero Trust architecture principles and how they apply across identity, network, and workload security
  • Familiarity with PCI-DSS scoped environment security requirements preferred
  • Experience operating in regulated industries (Financial Services, Insurance, or Health-Tech)


Experience with or exposure to the following developer runtimes and technologies is a plus, as this role will consult on security posture within environments built on:
  • ASP.NET, .NET, Java (JBoss / Hibernate / JMS), gRPC, Redis, SQL Server

Similar Jobs

More Jobs at Inspira Financial

More Information Technology Jobs

Find similar Sr. Cloud Security Engineer (Remote) jobs: