cmgfi
cmgfi7d ago
New

Senior DevOps Engineer

EngineeringDevops Engineer
0 views0 saves0 applied

Quick Summary

Key Responsibilities

Operate and tune Microsoft Defender for Cloud (CSPM/CNAPP) across Azure subscriptions, remediating misconfigurations and excessive access.

Requirements Summary

Education and Experience Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience.

Technical Tools
EngineeringDevops Engineer

CMG Financial is hiring a Security Engineer for our cloud environment to help secure our Azure-primary cloud and the hybrid environment that supports one of the nation's largest privately held mortgage lenders. Working within the Information Security team, you will harden cloud posture, tighten identity and access, and build the detection and automation that keep our environment defensible. This role is built for growth: you will own meaningful cloud security work from the start and expand your scope and depth over time. It operates in a highly regulated lending environment, subject to regulatory examinations and investor and agency audits.

 

 

 

 

ESSENTIAL DUTIES and RESPONSIBILITIES, includes the following responsibilities, but not limited to:

 

 

  • Operate and tune Microsoft Defender for Cloud (CSPM/CNAPP) across Azure subscriptions, remediating misconfigurations and excessive access.
  • Enforce preventative guardrails with Azure Policy and benchmark configuration against CIS Benchmarks and the NIST Cybersecurity Framework.
  • Apply least-privilege access in Microsoft Entra ID using Azure RBAC, PIM, and Conditional Access, and run periodic access reviews and attestations.
  • Use Microsoft Purview and Defender for Cloud data-aware posture (DSPM) to classify and protect sensitive cloud data.
  • Embed security into Terraform and GitHub Actions pipelines, including IaC scanning, policy-as-code, and secrets management.
  • Support threat modeling and secure design reviews for new and changing cloud workloads.
  • Engineer Microsoft Sentinel data ingestion (data connectors, Data Collection Rules and Endpoints) and build detections.
  • Integrate Microsoft Defender for Cloud and Defender XDR signals into Sentinel for unified detection and response.
  • Support cloud threat hunting, incident response, and automation of enrichment and remediation.
  • Map cloud controls to recognized frameworks and produce control evidence for regulatory examinations and investor and agency audits.

 

 

 

REQUIRED QUALIFICATIONS:

 

Education and Experience

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience.
  • 3+ years in cloud security or cloud engineering, including hands-on Microsoft Azure security.

Core Cloud Security Skills (Azure)

  • Microsoft Defender for Cloud, Azure Policy, and Microsoft Entra ID (Azure RBAC, PIM, Conditional Access).
  • Cloud security posture management (CSPM/CNAPP), with the ability to find and remediate misconfigurations and excessive access.

DevSecOps and Automation

  • Infrastructure-as-Code with Terraform and CI/CD security in GitHub Actions.
  • Scripting and automation with Python, PowerShell, and KQL. Using GenAI to generate and validate scripts is welcomed and approved.

Detection and Monitoring

  • Microsoft Sentinel, including Log Analytics ingestion (data connectors, DCR/DCE).
  • Security architecture, design review, and threat modeling, with working knowledge of NIST CSF and CIS Benchmarks.

Preferred Certifications

  • AZ-500, SC-100, or a relevant GIAC credential (GCSA, GCDA, or GCFR).

Nice to Have

  • Hands-on AWS security (the role is Azure-primary; AWS is a plus).
  • GitHub Advanced Security (GHAS); container and Kubernetes (AKS) security.
  • Secrets and key management (Azure Key Vault).
  • Experience in financial services, mortgage, or other highly regulated industries, including producing audit and examination evidence.

 

 

 

SUPERVISORY RESPONSIBILITIES:

Direct Reports: N/A

 

 

PHYSICAL and ENVIRONMENTAL CONDITIONS

This role operates in an ADA compliant office environment, utilizing typical office equipment and tasks including computer work. The position may involve partial stationary positions and moving throughout the day. Flexibility to work overtime to meet project deadlines is required.

 

 

Base Compensation Information– This role is a remote position that is currently allocated for candidates within geographic regions that do not currently require base wage disclosure. The compensation range for this position will be provided upon request. (Due to their geographic location, residents of the states of CA & CO, and for NY are excluded from this role at this time.) 

Location & Eligibility

Where is the job
United States
On-site within the country
Who can apply
US

Listing Details

Posted
July 1, 2026
First seen
July 8, 2026
Last seen
July 8, 2026

Posting Health

Days active
0
Repost count
0
Trust Level
29%
Scored at
July 8, 2026

Signal breakdown

freshnesssource trustcontent trustemployer trust
Newsletter

Stay ahead of the market

Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

A
B
C
D
Join 12,000+ marketers

No spam. Unsubscribe at any time.

cmgfiSenior DevOps Engineer