Senior Cloud Security Engineer

About Us

ISTARI is a strategic cybersecurity advisory company with a bold vision: to curate the defining cybersecurity ecosystem of our time - uniting enterprise, academia, government, and innovators to build collective resilience.

At the heart of this mission, ISTARI helps clients achieve lasting organisational cyber resilience by convening and applying world-class talent, expertise, and innovation through a uniquely powerful network, with ISTARI as the central orchestrator.

The Opportunity

The Senior Cloud Security Engineer will play a critical role within the client's Architecture & Engineering function, providing deep technical expertise and architectural insight to secure cloud platforms and enable effective security operations. The role focuses on designing, engineering, and operationalising cloud security controls across Azure environments, ensuring alignment with Zero Trust principles, regulatory requirements, and the broader cybersecurity strategy.

This is an
11-month contractor role
, operating within the Architecture & Engineering function and partnering closely with development teams, platform engineering, and security operations.

What You'll Do

• Provide hands-on expertise and architectural guidance across Azure Front Door (AFD), Web Application Firewall (WAF), and Microsoft Defender for Cloud (DFC), ensuring secure configuration and effective policy enforcement.
• Deliver cloud security architecture advisory for Microsoft Azure, including landing zone governance, network segmentation, identity-centric security, and Zero Trust implementation.
• Design, develop, and maintain security blueprints and reference architectures for cloud workloads, APIs, and containerised platforms (e.g., Kubernetes, Docker).
• Review and strengthen Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) policies to continuously identify and remediate misconfigurations, vulnerabilities, and policy violations.
• Engineer and enforce cloud-native security controls, including encryption, key management, secure logging, and monitoring aligned with NIST, CIS benchmarks, and industry best practice.
• Engineer and enforce the integration of cloud telemetry (audit logs, network flow logs, API activity) into Microsoft Sentinel to enable centralised monitoring, correlation, and detection.
• Develop and tune cloud-specific detection use cases addressing risks such as privilege escalation, anomalous user behaviour, lateral movement, and data exfiltration.
• Partner closely with DevOps and Platform Engineering teams to embed security into CI/CD pipelines and enforce secure Infrastructure-as-Code (IaC) patterns.
• Provide cloud incident response expertise, supporting investigations involving compromised credentials, API abuse, insecure configurations, and advanced cloud-native threats.
• Produce cloud security posture, compliance, and risk reports, mapping control effectiveness against frameworks such as NIST CSF, ISO 27001, and applicable regulatory requirements (e.g., HIPAA, PCI, GDPR).
• Advise on emerging cloud technologies and patterns, including serverless architectures, AI/ML workloads, and cross-cloud governance strategies.

What You'll Bring

• Bachelor's degree in Computer Science, Information Security, Engineering, or a related discipline (or equivalent practical experience).
• 7+ years' experience in cybersecurity, with 5+ years focused on cloud security engineering and architecture in Microsoft Azure environments.
• Strong hands-on experience with Azure security services, including Azure Front Door/WAF, Defender for Cloud, Azure Networking, and Azure Monitor.
• Proven experience implementing CSPM and CWPP capabilities in enterprise-scale cloud environments.
• Solid understanding of Zero Trust architecture, cloud identity and access management, and secure networking principles.
• Familiarity with NIST, CIS, ISO 27001, and cloud security regulatory considerations.

Preferred Certifications

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Microsoft Certified: Azure Solutions Architect Expert
• CISSP, CCSP, or equivalent cloud/security certifications (preferred, not mandatory)

Engagement Details

• Engagement Type:
  Contractor (11-month fixed-term engagement)
• Duration:
  February 2026 – December 2026 (extendable)
• Location Preference:
  US East Coast or Central
• Work Authorisation:
  Must hold valid authorisation to work in the US