The Cloud Security Engineer (CSE) should be hands-on in all aspects of Azure security including implementing security controls and threat protection, manage identity and access management, defining organizational structure and policies, using Azure technologies in order to provide data protection, configuring network security defenses, collecting and analyzing Azure logs, managing incident responses, and an understanding of regulatory concerns. As a Cloud Security Engineer you design and implement a secure end-to-end infrastructure on Azure in a hybrid cloud setup.

• Monitor security events daily, performing investigations and working with appropriate team members, business teams and Technology teams to develop solutions that address critical security concerns
• Maintain and improve the security posture of the Azure platform, identifying, and remediating vulnerabilities by using a variety of security tools.
• Provide cyber security expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks.
• Implement and configure security controls and policies, manage access to data, and monitor threats to ensure that apps, containers, infrastructure, and networks are protected.
• Implementing threat protection and responding to security incident escalations.
• Automate security controls, data, and processes to provide better metrics and operational support using security-as-code.
• Configure access within a cloud solution environment using the defense-in-depth principle
• Configure network security including in a hybrid context with traditional network centric controls Ensure data protection
• Manage operations within a cloud solution environment such as operations tasks, using cloud native tools, like Log Analytics, Azure Monitor and Azure Security Center or other monitoring tooling.
• Support our cloud engineers to implement security best-practices and enable secure development and release processes.
• Deep understanding of configuring security policies and securing applications and data.

• Performs other duties as assigned.
• Complies with all policies and standards.
• For specific duties and responsibilities, refer to documentation provided by the department during orientation.
• Must abide by all requirements to safely and securely maintain Protected Health Information (PHI) for our patients. Annual training, the UH Code of Conduct and UH policies and procedures are in place to address appropriate use of PHI in the workplace.

• Bachelor's Degree in Information Technology, Computer Science, or a related field Required

• 5+ years IT security experience Required and
• 3+ years building and maintaining secure azure cloud solution and tools (Azure Monitor, Log Analytics, Azure Security Center) Required

• Understand agile and DevOps concepts in a security context such as “trust but verify”, central vs decentral controls, make agile teams as autonomous as possible while ensuring the teams adhere to the NonFunctional-Requirements.
• A deep understanding of networking, e.g. IP subnetting, Network Security Groups, routing, Azure Firewall, ExpressRoute, load balancer, DNS.
• Strong familiarity with cloud capabilities and products and services for Azure, e.g. Azure Active Directory,
• Privileged Identity Management, VMs, Container Registry, Azure Kubernetes Services (AKS), Data Services, KeyVault.
• Have the intrinsic quality to want to continuously improve and do better
• Hands-on and can-do mentality
• Feeling of ownership
• Good communication and presentation skills
• Team player
• Able to express ideas effectively in individual and group situations.
• Able to execute a task in a good manner and with good results with limited supervision
• Strong skills in scripting and automation, Infrastructure-as-Code and using CI/CD concepts.
• Experience with pipeline tooling for automated deployments and applying security controls. Experience with
• Experience with infrastructure orchestration tools such as Terraform and other cloud-specific infrastructure automation tools (Azure Resource Manager, Google Cloud Deployment Manager) to automate the creation of staging, testing and production environments.
• Work experience from large, international companies and have dealt with or worked for global service providers.

• Certified Information System Security Professional (CISSP) Preferred
• Certified Ethical Hacker (CEH) Preferred

• Microsoft Azure Security related certifications Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Information Protection Administrator Associate, or Microsoft Certified: Security Operations Analyst Associate) Preferred
• Certified Cloud Security Professional (CCSP) Preferred
• Certificate of Cloud Security Knowledge (CCSK) Preferred
• Global Information Assurance Certification (GIAC) Preferred

• Standing Occasionally
• Walking Occasionally
• Sitting Constantly
• Lifting Rarely 20 lbs
• Carrying Rarely 20 lbs
• Pushing Rarely 20 lbs
• Pulling Rarely 20 lbs
• Climbing Rarely 20 lbs
• Balancing Rarely
• Stooping Rarely
• Kneeling Rarely
• Crouching Rarely
• Crawling Rarely
• Reaching Rarely
• Handling Occasionally
• Grasping Occasionally
• Feeling Rarely
• Talking Constantly
• Hearing Constantly
• Repetitive Motions Frequently
• Eye/Hand/Foot Coordination Frequently