Quick Summary
Operate and tune Microsoft Defender for Cloud (CSPM/CNAPP) across Azure subscriptions, remediating misconfigurations and excessive access.
Education and Experience Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience.
CMG Financial is hiring a Security Engineer for our cloud environment to help secure our Azure-primary cloud and the hybrid environment that supports one of the nation's largest privately held mortgage lenders. Working within the Information Security team, you will harden cloud posture, tighten identity and access, and build the detection and automation that keep our environment defensible. This role is built for growth: you will own meaningful cloud security work from the start and expand your scope and depth over time. It operates in a highly regulated lending environment, subject to regulatory examinations and investor and agency audits.
ESSENTIAL DUTIES and RESPONSIBILITIES, includes the following responsibilities, but not limited to:
- Operate and tune Microsoft Defender for Cloud (CSPM/CNAPP) across Azure subscriptions, remediating misconfigurations and excessive access.
- Enforce preventative guardrails with Azure Policy and benchmark configuration against CIS Benchmarks and the NIST Cybersecurity Framework.
- Apply least-privilege access in Microsoft Entra ID using Azure RBAC, PIM, and Conditional Access, and run periodic access reviews and attestations.
- Use Microsoft Purview and Defender for Cloud data-aware posture (DSPM) to classify and protect sensitive cloud data.
- Embed security into Terraform and GitHub Actions pipelines, including IaC scanning, policy-as-code, and secrets management.
- Support threat modeling and secure design reviews for new and changing cloud workloads.
- Engineer Microsoft Sentinel data ingestion (data connectors, Data Collection Rules and Endpoints) and build detections.
- Integrate Microsoft Defender for Cloud and Defender XDR signals into Sentinel for unified detection and response.
- Support cloud threat hunting, incident response, and automation of enrichment and remediation.
- Map cloud controls to recognized frameworks and produce control evidence for regulatory examinations and investor and agency audits.
REQUIRED QUALIFICATIONS:
Education and Experience
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience.
- 3+ years in cloud security or cloud engineering, including hands-on Microsoft Azure security.
Core Cloud Security Skills (Azure)
- Microsoft Defender for Cloud, Azure Policy, and Microsoft Entra ID (Azure RBAC, PIM, Conditional Access).
- Cloud security posture management (CSPM/CNAPP), with the ability to find and remediate misconfigurations and excessive access.
DevSecOps and Automation
- Infrastructure-as-Code with Terraform and CI/CD security in GitHub Actions.
- Scripting and automation with Python, PowerShell, and KQL. Using GenAI to generate and validate scripts is welcomed and approved.
Detection and Monitoring
- Microsoft Sentinel, including Log Analytics ingestion (data connectors, DCR/DCE).
- Security architecture, design review, and threat modeling, with working knowledge of NIST CSF and CIS Benchmarks.
Preferred Certifications
- AZ-500, SC-100, or a relevant GIAC credential (GCSA, GCDA, or GCFR).
Nice to Have
- Hands-on AWS security (the role is Azure-primary; AWS is a plus).
- GitHub Advanced Security (GHAS); container and Kubernetes (AKS) security.
- Secrets and key management (Azure Key Vault).
- Experience in financial services, mortgage, or other highly regulated industries, including producing audit and examination evidence.
SUPERVISORY RESPONSIBILITIES:
Direct Reports: N/A
PHYSICAL and ENVIRONMENTAL CONDITIONS
This role operates in an ADA compliant office environment, utilizing typical office equipment and tasks including computer work. The position may involve partial stationary positions and moving throughout the day. Flexibility to work overtime to meet project deadlines is required.
Base Compensation Information – This role is a remote position that is currently allocated for candidates within geographic regions that do not currently require base wage disclosure. The compensation range for this position will be provided upon request. (Due to their geographic location, residents of the states of CA & CO, and for NY are excluded from this role at this time.)
Location & Eligibility
Listing Details
- Posted
- July 1, 2026
- First seen
- July 8, 2026
- Last seen
- July 8, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 29%
- Scored at
- July 8, 2026
Signal breakdown
Please let cmgfi know you found this job on Jobera.
3 other jobs at cmgfi
View all →Explore open roles at cmgfi.
Similar It Security Engineer jobs
View all →Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.