Cloud Security Engineer

What is a Cloud Security Engineer?

A Cloud Security Engineer is responsible for designing, implementing, and maintaining secure cloud environments. This role ensures that cloud infrastructure—primarily within Microsoft Azure—is architected and operated in a way that aligns with security best practices, compliance requirements, and organizational risk tolerance, while enabling the business to scale efficiently and securely.

What does a Cloud Security Engineer do?

• Partners with Cloud Engineering and Infrastructure teams to design and implement secure, scalable Azure architecture

• Embeds security controls and best practices into cloud deployments, including networking, identity, and data protection

• Evaluates and hardens Azure services such as Virtual Networks, NSGs, Azure AD (Entra ID), Key Vault, Storage Accounts, and compute resources

• Reviews and provides security guidance on infrastructure-as-code (IaC) deployments (e.g., Bicep, ARM, Terraform)

• Monitors, triages, and remediates security findings from tools such as Microsoft Defender for Cloud, SIEM/SOAR platforms, and vulnerability scanners

• Acts as a primary liaison between Security and Cloud teams to drive timely remediation of vulnerabilities and misconfigurations

• Analyzes results from third-party security assessments, penetration tests, and audits, and coordinate remediation efforts

• Develops and maintains cloud security standards, baselines, and guardrails aligned to frameworks (e.g., CIS, NIST, Microsoft CAF)

• Implements and manages identity and access controls using Azure AD / Entra ID, including RBAC, Conditional Access, and Privileged Identity Management (PIM)

• Ensures secure configuration of logging, monitoring, and alerting across Azure environments

• Supports incident response efforts related to cloud security events and help improve detection and response capabilities

• Collaborates with IAM and Security Governance teams to enforce least privilege and strong identity controls in the cloud

• Drives continuous improvement by identifying opportunities for automation, policy enforcement, and security posture enhancements

• Stays current on Azure security capabilities, emerging threats, and industry best practices

• Provides support for storm restoration efforts

What does it take to be a Cloud Security Engineer?

Required:

• Bachelor’s degree in Computer Science, Information Technology or related field of study and relevant work experience in information security or a closely related domain. In lieu of a bachelor’s degree, an associate’s degree in the aforementioned fields with 5 years of information security or closely related experience or a high school diploma or equivalency degree and 5 years of information security to closely related experience will be considered.

• Proven experience with Security Architecture and Engineering

• Proven experience with creating and maintaining external and internal relationships with key stakeholders

• Strong understanding of cybersecurity frameworks, standards, and best practices

• Proficient in security technologies, including Cloud Security, Azure security solutions, SIEM solutions, IDS/IPS, firewalls, email security, and endpoint protection

• Excellent communication skills, with the ability to collaborate effectively with diverse teams

• Familiarity with regulatory requirements and compliance frameworks

• Analytical mindset with the ability to assess complex situations and make informed decisions

• A strong background with an understanding of the intersection between business and Information Security to improve security practices

• A results-oriented mindset with the ability to solve problems and make decisions

• Risk-based mindset with the ability to balance security with business enablement

• Ability to work with limited direct supervision and professionally respond to constructive feedback

• Valid driver’s license

Preferred:

• Experience in the energy and utility industry, services industry, or a regulated or co-sourced environment

• Deep hands on experience with Microsoft Azure services and security controls

• Strong understanding of Cloud Security architecture principles

• Experience with Microsoft Defender for Cloud, Microsoft Sentinel and other cloud-native security tools

• Proficiency in Azure networking

• In-depth knowledge of National Institute of Standards and Technology (NIST) Cybersecurity Framework and 20 Critical Security Controls, NERC Critical Infrastructure Protection (NERC CIP)

• Strong knowledge of computer systems, information security software and hardware components, network systems, databases, and information security safeguards

• Relevant certifications such as Azure Security Engineer Associate, Azure Solutions Architect, CISSP, CCSP, AZ-500 or SC-100

Applications will be accepted until May 29, 2026. 

This position has a career path which allows for advancement opportunities within the Information Security Analyst job series. The title and level are commensurate with experience. Pay range: $73,000 - $171,300

Please go to https://www.cenhud.com/employment. Click the “Search Career Opportunities” button. Follow the directions to submit an application and upload your resume for the desired position.

Applications sent via e-mail and US Mail will not be accepted.  No phone calls or agencies, please.  All replies will be held in strict confidence.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, creed, color, ethnicity, arrest or conviction record, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, citizenship, genetic information, familial status, marital status, pregnancy-related condition, domestic violence victim status, veteran or military status, or any other characteristic protected by federal, state or local laws. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance employment in individuals who are protected veterans and individuals with disabilities.

VEVRAA FEDERAL CONTRACTOR