Security Engineer (Azure Government)

TL;DR

Security Engineer (Azure Government): Designing, implementing, and maintaining robust security controls across Azure Gov Cloud environments with an accent on achieving and maintaining compliance with government regulations like FedRAMP and CMMC. Focus on building and strengthening cloud security posture, leveraging Microsoft native security tools for threat detection, incident response, and embedding security throughout the development lifecycle.

Location: Palo Alto, CA; Washington, D.C. Active U.S. security clearance or eligibility to obtain one is required.

Salary: $180,000 - $440,000 USD

Company

hirify.global is a small, highly motivated company focused on creating AI systems that can accurately understand the universe and aid humanity in its pursuit of knowledge.

What you will do

• Implement, design, and manage security architecture for Azure Government and Commercial deployments (DoD IL5/IL6 and FedRAMP High controls).
• Configure and optimize Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Defender for Endpoint for threat detection and automated response.
• Design and enforce identity & access management using Microsoft Entra ID, PIM, Conditional Access policies, and RBAC.
• Secure network architectures with Azure Firewall, Network Security Groups (NSGs), DDoS Protection, Web Application Firewall (WAF), and private endpoints.
• Protect data at rest and in transit via Azure Key Vault, encryption strategies, and data classification.
• Develop and maintain security policies and blueprints using Azure Policy and Microsoft Purview for compliance (NIST, FedRAMP, CMMC, STIGs).

Requirements

• Active U.S. security clearance (e.g., Secret, Top Secret) or eligibility to obtain one.
• 3+ years of experience in cloud security, cybersecurity engineering, or related roles with a strong Azure focus.
• Deep hands-on expertise with core Azure security services: Microsoft Defender suite, Sentinel, Intune, Entra ID, Key Vault, Azure Policy, Firewall, Network Watcher, and Purview.
• Strong understanding of DLP implementation both in cloud and on endpoints utilizing Purview and other Microsoft native controls.
• Experience implementing security in hybrid/multi-cloud environments.
• Proficiency in scripting/automation (PowerShell, Azure CLI, Bicep/ARM templates, Terraform).
• Strong understanding of identity federation, zero-trust principles, encryption, network security, and vulnerability management.
• Familiarity with compliance frameworks (NIST, FedRAMP, CMMC, STIGs) and regulatory requirements.
• Excellent problem-solving, analytical, and communication skills.

Nice to have

• Microsoft Certified: Azure Security Engineer Associate (AZ-500) or Microsoft Cybersecurity Architect (SC-100).
• Additional relevant certifications (e.g., CISSP, CCSP, AWS Security Specialty, SANS GCPS, SANS GCAD).
• Deep experience with detection and response engineering and SOC operations.
• Knowledge of container security (Docker, AKS), secure DevOps, or AI/ML workload protection.
• Prior experience in government regulations frameworks such as FedRAMP and CMMC.

Culture & Benefits

• Small, highly motivated team focused on engineering excellence and curiosity.
• Flat organizational structure where all employees are hands-on and contribute directly.
• Leadership given to those who show initiative and consistently deliver excellence, with an emphasis on strong work ethic and prioritization.
• Expectation of strong communication skills to concisely and accurately share knowledge.
• Comprehensive medical, vision, and dental coverage.
• Access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.