Cloud Security Engineer

DLB Associates is a premier engineering and consulting firm specializing in innovative, mission-critical solutions across hyperscale data centers, advanced infrastructure, and high-performance building systems. With over four decades of expertise, we partner with some of the world’s most influential companies to design and optimize environments that demand precision, scalability, and resilience.

Join us and be part of a team where your voice matters, your work makes an impact, and your growth is a shared priority.

Position Title

Cloud Security Engineer

Position Location

Remote – work virtually from anywhere in the United States

Salary

AI2IO recognizes salary ranges from job boards do not necessarily reflect our pay ranges. In many instances we out-compete those ranges for well-qualified candidates.

Job Summary

The Cloud Security Engineer is responsible for the hands-on implementation, configuration, and ongoing management of security controls across ai2io’s Microsoft 365 and Azure environments. Working under the direction of the Information Security Manager, this role translates security strategy and architecture decisions into operational reality across a multi-tenant managed services environment.

This is a technically focused, execution-oriented role. The Cloud Security Engineer:

• Implements and maintains security controls across Microsoft Defender, Purview, Entra ID, Intune, and Azure services.
• Remediates security gaps identified through risk assessments, vulnerability scans, compliance audits, and stakeholder security reviews.
• Supports security operations by tuning alerts, building automation, developing runbooks, and providing Tier 2–3 incident response support.
• Collaborates with the Rapid7 MDR team to ensure effective detection coverage, incident escalation, and agent health across all managed environments.
• Assists in maintaining compliance with organizational security standards and applicable frameworks (NIST CSF, CIS Benchmarks, SOC 2).
  
  

The Cloud Security Engineer works closely with the Information Security Manager, operations team, and identity security resources to ensure consistent security posture across all managed tenants.

Essential Functions

Security Control Implementation & Hardening

• Deploy, configure, and tune Microsoft Defender for Endpoint, Identity, Office 365, and Cloud Apps across all managed tenants.
• Implement and maintain endpoint hardening baselines through Intune configuration profiles, compliance policies, and security baselines.
• Configure and manage Microsoft Purview controls including DLP policies, sensitivity labels, retention policies, and insider risk indicators.
• Implement privileged access controls and hardened administrative workstation configurations as directed by the Information Security Manager.
• Deploy and manage Azure security controls including Azure Policy, network security groups, Key Vault configurations, and Private Link implementations.
  
  

Security Operations & Incident Support 

• Monitor and triage security alerts from Microsoft Defender XDR and Rapid7 platforms. 
• Provide Tier 2–3 escalation support for security incidents, coordinating investigation and containment with internal teams and the Rapid7 MDR team. 
• Support Rapid7 Collector and agent deployment, maintenance, and troubleshooting across managed tenants. 
• Assist with vulnerability remediation efforts as needed, coordinating with the operations team on patching and hardening activities. 
• Build and maintain security automation using Azure Automation, Logic Apps, or Rapid7 workflows to improve detection and response efficiency. 

Interested in remote work opportunities in Devops? Discover Devops Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

• Develop and document runbooks for common security scenarios, alert triage procedures, and incident response workflows. 
• Participate in post-incident reviews and implement corrective actions to prevent recurrence. 
  
  

Compliance Support & Evidence Collection 

• Assist the GRC function with technical evidence collection for SOC 2, NIST CSF, and other compliance initiatives.
• Implement and validate technical controls mapped to compliance framework requirements.
• Support internal security assessments and audits by providing technical documentation and control validation.
• Maintain technical documentation for security configurations, baselines, and standard operating procedures.
  
  

Continuous Improvement 

• Stay current on Microsoft security product updates, new capabilities, and best practices.
• Evaluate and recommend improvements to existing security controls based on threat intelligence, industry developments, and lessons learned.
• Provide knowledge transfer and technical guidance to operations staff on security-related procedures and best practices.
  
  

Completion of Assigned Tasks and Deliverables on Time and on Budget

• Performs Other Related Duties as Assigned
  
  

Position Requirements (Beginner Level for all the Following Unless Otherwise Noted)

• Hands-on experience with Microsoft Defender suite (Endpoint, Identity, Office 365, Cloud Apps) including policy configuration, alert tuning, and incident investigation.
• Experience with Entra ID (Azure AD) including Conditional Access, PIM, RBAC, and application registrations.
• Experience with Microsoft Intune for endpoint management, compliance policies, and configuration profiles.
• Experience with Microsoft Purview controls including DLP, sensitivity labels, and retention policies.
• Experience with Azure security services including Azure Policy, network security groups, Key Vault, and Azure Monitor.
• Experience with vulnerability management or MDR platforms, preferably Rapid7 InsightVM/InsightIDR, including agent deployment and scan configuration.
• Demonstrated understanding of endpoint hardening principles including CIS Benchmarks and Intune security baseline implementation.
• Scripting capability (PowerShell preferred) for automation and administrative tasks.
• Ability to work across multiple Microsoft 365 tenants simultaneously and maintain consistent configurations.
• Strong troubleshooting and analytical skills with the ability to investigate and resolve complex security issues.
• Clear written and verbal communication skills, including the ability to document procedures and explain technical issues to non-technical stakeholders.
• Ability to manage multiple priorities and coordinate remediation activities across teams.

Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.

• Ability to work effectively both independently and as part of a small, collaborative security team.
  
  

Travel / Relocation Requirements

• Up to 5%, this may include travel to any or all 50 US states
• Travel is defined as physically leaving home on behalf of business activities including but not limited to client sites, meetings with other employees, meeting for business development purposes, running errands on behalf of the business, attending industry conferences, etc.
  
  

Education / Experience Requirements

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related discipline; or equivalent combination of education and experience.
• 3–5 years of hands-on experience in information security, cloud security, or security engineering with a focus on Microsoft 365 and Azure environments.
• Microsoft Security certifications preferred (SC-200, SC-300, SC-400, or AZ-500).
  
  

Benefits

DLB Associates offers a very competitive benefits package; highlights include

• Choice of comprehensive medical plans (including two PPO-style plans and a HDHP w/ HSA option)
• Flex spending accounts (FSA)
• Dental and vision plans
• Comprehensive medical, dental and vision benefits extended to spouse / domestic partner and dependent children up to age 26
• 401k with company match and self-directed brokerage account option
• PTO including additional paid time off during the last week of the year
• Company paid life insurance coverage for employees and their eligible dependents
• Short and long-term disability, AD&D coverage
• Professional development opportunities, tuition reimbursement and professional licensing assistance
• Paid parental leave after one year of employment
  
  

CO, CA, IL, NY, WA, and Washington DC residents only: In accordance with CO, CA, IL, NY, WA, and Washington DC law, the range provided is DLB's reasonable estimate of the base compensation for this role. The actual amount may differ based on non-discriminatory factors such as experience, knowledge, skills, abilities, and location.

DLB Associates is an EEO/Affirmative Action Employer and participates in the E-Verify program with the Department of Homeland Security. We encourage diversity in our workforce.

Are you ready to challenge yourself and redefine standards in the AEC industry? Apply now and join our award-winning team!

Notice To Third Party Agencies

DLB does not accept unsolicited resumes from recruiters, employment agencies, or other staffing services. Unsolicited resumes include any resume or hiring document sent to DLB in the absence of a signed Service Agreement where DLB has expressly requested recruitment/staffing services specific to the position at hand. Any unsolicited resumes, including those submitted to hiring managers or other business leaders, will become the property of DLB and DLB will have the right to hire that candidate without reservation – no fee or other compensation will be owed or paid to the recruiter, employment agency, or other staffing service.

The Pay Range For This Role Is

99,750 - 120,225 USD per year(Remote (United States))