Lead Azure AI Security Engineer
Indexed description
We are seeking a Lead Azure AI Security Engineer to provide technical leadership and subject matter expertise in securing Azure and Microsoft cloud environments at enterprise scale. In this role you will design and improve security architecture while leveraging AI-powered tools to automate and enhance daily security engineering activities across hybrid and multi-cloud environments.
Responsibilities
- Provide technical leadership and subject matter expertise in securing Azure and Microsoft cloud environments at enterprise scale
- Design, implement and improve security architecture across Azure, Microsoft 365, Microsoft Entra ID, hybrid and multi-cloud environments, with Azure as the primary cloud platform
- Work across key cloud security domains including CSPM/CNAPP, Identity and Access Management, Privileged Access Management, Data Protection and Data Loss Prevention, Microsoft Defender security stack, SIEM/SOAR, Business Continuity and Disaster Recovery, DevSecOps, container and Kubernetes security and policy-as-code
- Plan, design and implement security controls for cloud workloads, applications, infrastructure and data
- Collaboration with engineering, infrastructure, development, DevOps, database, operations and compliance teams to embed security into the full delivery lifecycle
- Support implementation and continuous improvement of Zero Trust architecture, secure authentication, conditional access, least privilege and identity protection
- Develop and maintain automation scripts, workflows and security tooling using PowerShell, Python, Azure CLI, Logic Apps, Azure Functions, KQL and REST APIs
- Use AI-powered tools and agentic workflows to automate and improve security activities such as findings triage, log analysis, incident investigation support, configuration review, compliance evidence collection and vulnerability analysis
- Design or integrate AI agents and AI-assisted automations using modern AI platforms and frameworks while ensuring proper security, privacy and governance controls
- Contribute to secure adoption of AI technologies by defining guardrails for data protection, access control, prompt security, model usage, auditability and human-in-the-loop processes
- Train and support other team members on cloud security practices, security processes and AI-assisted automation approaches
Requirements
- 3+ years of experience in software development
- Bachelor's degree in Computer Science, Information Security, Engineering or equivalent practical experience
- Hands-on experience with Microsoft Azure services
- Strong understanding of cloud security concepts, Azure architecture and enterprise-scale cloud environments
- Practical experience with Microsoft Entra ID/Azure Active Directory, Microsoft Defender for Cloud and Microsoft Defender XDR
- Skills in Microsoft Sentinel, Microsoft Purview and Microsoft Intune
- Proficiency in Conditional Access, Identity Protection and Privileged Identity Management
- Competency in Key Vault, Azure Policy and Azure Monitor/Log Analytics
- Strong engineering background including experience with Active Directory, Microsoft Entra ID, Microsoft 365, Exchange Online and hybrid identity
- Security engineering experience in at least one business or technology domain along with participation in at least several production projects
- Understanding of software development lifecycle, DevOps/DevSecOps practices, cloud security assessment methodologies and secure-by-design principles
- Ability to work closely with developers, business analysts, QA engineers, architects, project managers, infrastructure and operations teams and to follow, maintain and improve defined security processes
- Practical understanding of AI-assisted productivity and automation including building or configuring AI agents, integrating LLMs with tools, APIs and workflows, prompt engineering and using AI tools securely with awareness of sensitive data handling
- Good communication skills and ability to explain security risks, technical decisions and remediation plans to both technical and non-technical stakeholders
Nice to have
- Skills in scripting and automation using PowerShell, Python, Bash, Azure CLI, Terraform or Bicep
- Familiarity with SIEM/SOAR platforms, especially Microsoft Sentinel, KQL and Logic Apps
- Experience with CNAPP/CSPM/CWPP/CIEM tools such as Prisma Cloud, Wiz and Orca or Lacework, Check Point CloudGuard and CrowdStrike or Tenable and Rapid7
- Understanding of compliance frameworks such as ISO 27001, NIST and CIS Benchmarks or PCI DSS, HIPAA and HITRUST
- Knowledge of container and Kubernetes security including AKS, container registries and image scanning
- Familiarity with AI/LLM platforms such as Azure OpenAI, Azure AI Foundry and Microsoft Copilot Studio or Semantic Kernel, LangChain and AutoGen
- Understanding of AI security risks including data leakage, prompt injection, excessive agency and AI supply chain risks
- Experience implementing AI governance and secure AI usage policies aligned with frameworks such as NIST AI RMF, OWASP Top 10 for LLM Applications or ISO/IEC 42001
- AZ-500, SC-100, SC-200
- SC-300, SC-400, AZ-104
- AZ-305, CISSP, CISM
- CISA, CCSK, CCSP, SSCP
- AI-900, AI-102, PL-900/PL-200
We offer
- We gather like-minded people:
- Top tech minds driving innovation in AI, cloud and digital platform modernization
- Supportive team and agile, startup-like culture
- Hybrid by design mode and opportunity to work remotely within Poland
- Chance to work abroad for up to 60 days annually
- Business-driven relocation opportunities
- We provide growth opportunities:
- Career development programs
- Thought leadership, mentoring, soft skills and well-being programs
- Certification (Anthropic, Gemini, GCP, Azure, AWS)
- English classes
- We cover it all:
- Stable pay
- Participation in the Employee Stock Purchase Plan with a 15% discount
- Benefits package (health insurance, multisport, shopping vouchers)
- Referral bonuses up to $2,000
- Offices featuring entertainment and relaxation zones, table tennis and football, free snacks, coffee and more
- Corporate, social and well-being events
- Please, note:
- Benefits listed above are available to employees only
- We are open for working with Contractors. Terms of B2B cooperation agreements are agreed individually
- We will reach out to selected candidates exclusively
EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search