Cloud Security Engineer
Indexed description
This position is ideal for someone who can operate in a lean security team, work collaboratively with engineering, and proactively strengthen security-by-design across the DOCOsoft SaaS platform as we expand our Azure footprint and continue maturing our cloud security controls.
Responsibilities
- Administer and optimize Microsoft Defender (Cloud, Identity, Endpoint) and Azure-native security tools; manage identity and access using Conditional Access, Entra ID Governance, and PIM.
- Maintain hardening standards across Azure resources (Key Vault, Storage, App Services, VMs, networking) and improve Azure Secure Score in line with internal policies and ISO 27001.
- Support secure design and review of Azure PaaS/IaaS workloads; advise on network security, API protection, encryption, segmentation, and Zero Trust; conduct threat modelling to embed security-by-design.
- Integrate security into CI/CD pipelines and GitHub workflows; assess Terraform/Bicep IaC and enforce policy-as-code (Azure Policy, GitHub Advanced Security); implement automated guardrails to reduce misconfigurations and strengthen compliance.
- Identify and remediate cloud vulnerabilities with engineering; support internal/external audits, maintain documentation and compliance evidence, and contribute to third-party risk assessments and customer security reviews.
- Enhance monitoring with Azure Monitor, Log Analytics, and Sentinel; develop KQL queries, dashboards, and detection rules; investigate alerts, manage incidents, support remediation and root cause analysis, and maintain cloud-specific incident response playbooks.
- Bachelor’s degree in Computer Science engineering, or related field.
- 4+ years in MS Azure cloud engineering with at least 2 years in MS Azure security engineering roles
- Strong hands-on experience with Azure security tools (Defender for Cloud, Sentinel, Entra ID, Key Vault, Azure Firewall, WAF, NSGs).
- Proficiency in Kusto Query Language (KQL) for Log analysis, threat hunting, and developing security detections in Sentinel and Log Analytics.
- Understanding of Azure networking, identity, encryption, and cloud governance.
- Experience with IaC security for Bicep (Terraform acceptable) and DevSecOps practices.
- Desirable Certifications: AZ‑500, SC‑200, SC‑100
- Knowledge of OWASP Top 10, secure coding, and secure API practices.
- Strong documentation, analytical, and communication skills.
- Familiarity with ISO 27001, ISO 22301 SOC 2, GDPR, and cloud security best practices.
Here’s What We Have To Offer
DOCOsoft aspires to be a market leader in the technology sector, and we are always looking for new ways to approach projects or improve existing content. We look to hire people that will help us achieve this with hard work, enthusiasm and an expression of their own ideas.
We offer our people the opportunity to impact our growing business- everyone’s contribution matters! A team environment that is focused on the creation and delivery of great products for our clients. Exciting challenges to grow and enhance their skills and a competitive pay and benefits package including;
- 25 days Annual Leave,
- Private pension,
- Bonus scheme,
- Private health,
- Life assurance.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search