-
Core Specialty is seeking a Senior Azure Cyber Security Engineer to serve as a hands-on technical leader and subject matter expert within the Cyber Security Engineering function. This is a senior individual contributor role with no direct reports, focused on designing, implementing, and operating security controls across Azure, identity, endpoint, cloud application, and network security domains. This role operates in a fast-paced, high-volume environment with a broad and evolving security landscape. The ideal candidate is comfortable balancing strategic security initiatives with day-to-day operational engineering work, operates with minimal direction, and proactively identifies gaps, proposes solutions, and executes with a strong sense of ownership.
The selected candidate will be required to work a hybrid schedule (3 days in office/2 remote) out of our Dallas, TX, or Cincinnati, OH office. No relocation assistance is being offered with this role.
Key Accountabilities/
Deliverables
:
Cloud Security Engineering & Program Maturation
Serve as a senior technical contributor driving the maturation of Core Specialty’s Azure security posture
Identify gaps in cloud security controls, define remediation approaches, and deliver measurable improvements
Act as a technical escalation point for complex security engineering challenges and incidents
Partner with IT, GRC, and business stakeholders to align security engineering solutions with risk objectives
Balance work across multiple concurrent projects and BAU (business-as-usual) security operations
Azure Security & Policy Engineering
Design, implement, and manage Azure Policy definitions, initiatives, and assignments to enforce security baselines and regulatory requirements
Engineer and maintain security configurations across Azure services, including Azure Firewall, Network Security Groups (NSGs), Key Vault, and Microsoft Defender for Cloud
Develop and operationalize monitoring, alerting, and remediation workflows for Azure policy non-compliance
Cloud Application Security
Define and enforce cloud application security policies using Microsoft Defender for Cloud Apps (MDCA)
Implement Conditional Access App Control for real-time session enforcement across SaaS applications
Establish cloud application risk scoring, usage policies, and data exfiltration controls
Partner with business units to assess and onboard new cloud applications with appropriate security guardrails
Identity & Access Management
Architect and manage Microsoft Entra ID (Azure AD) security configurations, including: Conditional Access, Privileged Identity Management (PIM), Access reviews and identity governance, Role-based access control (RBAC)
Govern identity lifecycle and entitlement management across Azure and integrated SaaS platforms
Support identity security governance in AWS IAM, including federation and cross-cloud identity considerations
Network Security Engineering
Design and manage Azure-native network security controls, including: Azure Firewall, Azure Front Door, Azure WAF, Azure DDoS Protection, VNets, Private Endpoints, and NSGs
Support perimeter and segmentation security using Palo Alto Networks firewalls and Panorama
Manage and support Cloudflare security services (WAF, DDoS, DNS security, ZTNA, Bot Management)
Collaborate with network engineering teams to ensure designs align with zero trust principles
Endpoint Security & Intune Engineering
Design, deploy, and manage Microsoft Intune security policies at scale, including: Device compliance and configuration profiles, Endpoint protection and ASR rules, Application Protection Policies (MAM), Windows Autopilot and enrollment controls
Maintain endpoint security baselines aligned with CIS benchmarks
Support integration and operational transition to SentinelOne as the primary EDR platform
Partner with IT operations to safely test and deploy endpoint security changes
Incident Response & Documentation
Act as a senior technical escalation point during security incidents
Contribute to incident response playbooks and post-incident reviews
Produce high-quality technical documentation, including: Security architecture diagrams, SOPs and runbooks, Policy rationale and audit artifacts
Technical Knowledge and Understanding:
Working knowledge of AWS IAM, federation (SAML/OIDC), and cross-cloud identity concepts
Strong understanding of cloud architecture, networking fundamentals, and zero trust principles
Excellent technical documentation and written communication skills
Ability to operate independently in a fast-moving environment with evolving priorities
Excellent communication, analytical thinking, and problem-solving abilities.
Certifications (Preferred)
AZ-500, SC-100, SC-200
CISSP
PCNSE
AWS Security Specialty
Relevant GIAC certifications
Experience:
Required Qualifications
5+ years of progressive experience in cybersecurity engineering
Deep expertise in Microsoft Azure security and the Microsoft security ecosystem
Hands-on experience with: Azure Policy (JSON), Intune, Entra ID (Conditional Access, PIM, RBAC), Microsoft Defender for Cloud and Defender for Cloud Apps
Functional experience with network security platforms, including Palo Alto Networks and Cloudflare
Strong background with Azure components
Preferred Qualifications
Experience in insurance, financial services, or other regulated industries
Familiarity with NAIC Model Laws, SOX, and insurance regulatory requirements
Experience with NIST CSF, CIS Controls, or ISO 27001
Infrastructure-as-Code experience (Terraform, Bicep, ARM)
PowerShell and/or KQL for automation and investigation
Experience with Microsoft Purview, DLP, or information protection
Familiarity with CI/CD and DevSecOps practices
Cloudflare Zero Trust experience
Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa for this position.
#LI-Hybrid
-
At Core Specialty, you will receive a competitive salary and opportunities for professional development and advancement. We offer medical, dental, vision, and life insurances; short and long-term disability; a Company-match of 100% of a 6% contribution 401(k) plan; an Employee Assistance Plan; Health Savings Account, Flexible Spending Account, Health Reimbursement Account, and a wellness program