security engineer
генерация резюме под вакансию
сопроводительное письмо
описание
No description
задачи
- Operate and tune Microsoft Defender for Cloud (CSPM/CNAPP) across Azure subscriptions;
- Remediate misconfigurations and excessive access;
- Enforce preventative guardrails with Azure Policy and benchmark against CIS Benchmarks and NIST CSF;
- Apply least-privilege access in Microsoft Entra ID using Azure RBAC, PIM, and Conditional Access;
- Conduct periodic access reviews;
- Use Microsoft Purview and Defender for Cloud DSPM to classify and protect sensitive cloud data;
- Embed security into Terraform and GitHub Actions pipelines including IaC scanning, policy-as-code, and secrets management;
- Support threat modeling and secure design reviews for new and changing cloud workloads;
- Engineer Sentinel data ingestion and build detections;
- Integrate Defender for Cloud and Defender XDR signals into Sentinel for unified detection and response.
требования
- 3+ Years of experience in cloud security or cloud engineering with hands-on Azure security expertise;
- Proficiency in Microsoft Defender for Cloud, Azure Policy, and Microsoft Entra ID;
- Experience with CSPM/CNAPP, including identifying and fixing misconfigurations;
- Expertise in Terraform (IaC) and CI/CD security in GitHub Actions;
- Scripting and automation skills in Python, PowerShell, and KQL;
- Experience with Microsoft Sentinel and Log Analytics ingestion;
- Knowledge of security architecture, design review, threat modeling, NIST CSF, and CIS Benchmarks;
- Nice to have: AZ-500, SC-100, or GIAC credentials (GCSA, GCDA, GCFR), hands-on AWS security, GitHub Advanced Security (GHAS), container/Kubernetes (AKS) security, secrets and key management (Azure Key Vault).
условия
- No conditions specified
навыки
Если просят войти через iCloud, отправить коды из SMS, запустить код, что-то установить, перевести деньги или сделать что угодно, связанное с деньгами, не соглашайтесь: это признаки мошенничества.