Job Details

Summary:
Hands-on Security Engineer supporting the operationalization of NIST SP 800-53 controls within an Azure Public Cloud environment. Responsible for implementing and validating NIST SP 800-53 controls while guiding Cloud Engineering and Cybersecurity teams to ensure secure, complaint, and audit-ready deployments aligned to ATO and continuous monitoring requirements. Must have deep knowledge of Microsoft security capabilities, including the full Defender suite.

Key Responsibilities:

• Support implementation and operationalization of NIST SP 800-53 controls in Azure Public Cloud.
• Translate NIST SP 800-53 and RMF requirements into Azure-native configurations, guardrails, and engineering backlog items.
• Provide technical security guidance to Cloud Engineering, DevOps, Infrastructure, and Cyber teams to ensure compliant architectures and deployments.
• Implement and validate controls across:
  • Microsoft Entra ID (RBAC, PIM, Conditional Access, identity governance)
  • zure Policy and governance initiatives o Network security (NSGs, Azure Firewall, Private Endpoints, segmentation)
  • Encryption and key management (Key Vault, CMK, TLS) o Logging, monitoring, and SIEM integrations.
• Leverage and configure Microsoft security solutions including:
  • Microsoft Defender for Cloud
  • Defender for Endpoint
  • Defender for Identity
  • Defender for Office 365
  • Defender for Cloud Apps
  • Microsoft Sentinel.
• Contribute to SSP updates, control narratives, evidence collection, and POA&M tracking.
• Perform control gap assessments and support remediation execution.
• Support independent assessments and ongoing continuous monitoring activities.

Required Qualifications:

• This role requires strong Azure technical depth, comprehensive knowledge of Microsoft security controls, and the ability to both execute hands-on security configurations and guide cross-functional teams in operationalizing compliance.
• 5+ years in security engineering with strong Azure Public Cloud security experience.
• Direct experience supporting regulated high- or moderate-baseline cloud environments.
• Deep working knowledge of NIST SP 800-53 and RMF.
• Strong expertise across Microsoft security controls and the Microsoft Defender ecosystem.
• Experience supporting audit readiness and ATO lifecycle processes.

Preferred Qualifications:

• zure Security Engineer Associate (AZ-500) or equivalent.
• CISSP, CCSP, CAP, or similar certification.
• Experience automating compliance using Azure Policy, ARM/Bicep, or Terraform.
• Familiarity with Zero Trust architecture in Microsoft environments.

dditional Information:

• Duration: 12 month contract opportunity
• Hybrid Work Model: 4 days onsite required weekly in NYC or downtown Pittsburgh office
• Rate Range: $85-90/hr. W2 (based on experience)