Based in San Ramon, California, CMG Financial is a privately held banking and mortgage firm with operations in most U.S. states. An equal housing lender, CMG Financial specializes
IT Security Engineer - Cloud
Location
United States
Posted
11 days ago
Salary
0
Seniority
Mid Level
Job Description
IT Security Engineer - Cloud
CMG Financial
Role Description CMG Financial is hiring a Security Engineer for our cloud environment to help secure our Azure-primary cloud and the hybrid environment that supports one of the nation's largest privately held mortgage lenders. Working within the Information Security team, you will harden cloud posture, tighten identity and access, and build the detection and automation that keep our environment defensible. This role is built for growth: you will own meaningful cloud security work from the start and expand your scope and depth over time. It operates in a highly regulated lending environment, subject to regulatory examinations and investor and agency audits. - Operate and tune Microsoft Defender for Cloud (CSPM/CNAPP) across Azure subscriptions, remediating misconfigurations and excessive access. - Enforce preventative guardrails with Azure Policy and benchmark configuration against CIS Benchmarks and the NIST Cybersecurity Framework. - Apply least-privilege access in Microsoft Entra ID using Azure RBAC, PIM, and Conditional Access, and run periodic access reviews and attestations. - Use Microsoft Purview and Defender for Cloud data-aware posture (DSPM) to classify and protect sensitive cloud data. - Embed security into Terraform and GitHub Actions pipelines, including IaC scanning, policy-as-code, and secrets management. - Support threat modeling and secure design reviews for new and changing cloud workloads. - Engineer Microsoft Sentinel data ingestion (data connectors, Data Collection Rules and Endpoints) and build detections. - Integrate Microsoft Defender for Cloud and Defender XDR signals into Sentinel for unified detection and response. - Support cloud threat hunting, incident response, and automation of enrichment and remediation. - Map cloud controls to recognized frameworks and produce control evidence for regulatory examinations and investor and agency audits. Qualifications - Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience. - 3+ years in cloud security or cloud engineering, including hands-on Microsoft Azure security. - Core Cloud Security Skills (Azure): Microsoft Defender for Cloud, Azure Policy, and Microsoft Entra ID (Azure RBAC, PIM, Conditional Access). - Cloud security posture management (CSPM/CNAPP), with the ability to find and remediate misconfigurations and excessive access. - DevSecOps and Automation: Infrastructure-as-Code with Terraform and CI/CD security in GitHub Actions. - Scripting and automation with Python, PowerShell, and KQL. Using GenAI to generate and validate scripts is welcomed and approved. - Detection and Monitoring: Microsoft Sentinel, including Log Analytics ingestion (data connectors, DCR/DCE). - Security architecture, design review, and threat modeling, with working knowledge of NIST CSF and CIS Benchmarks. Requirements - Preferred Certifications: AZ-500, SC-100, or a relevant GIAC credential (GCSA, GCDA, or GCFR). - Nice to Have: Hands-on AWS security (the role is Azure-primary; AWS is a plus). - GitHub Advanced Security (GHAS); container and Kubernetes (AKS) security. - Secrets and key management (Azure Key Vault). - Experience in financial services, mortgage, or other highly regulated industries, including producing audit and examination evidence. Supervisory Responsibilities - Direct Reports: N/A Physical and Environmental Conditions This role operates in an ADA compliant office environment, utilizing typical office equipment and tasks including computer work. The position may involve partial stationary positions and moving throughout the day. Flexibility to work overtime to meet project deadlines is required. Base Compensation Information This role is a remote position that is currently allocated for candidates within geographic regions that do not currently require base wage disclosure. The compensation range for this position will be provided upon request. (Due to their geographic location, residents of the states of CA & CO, and for NY are excluded from this role at this time.)
Related Guides
Related Categories
Related Job Pages
More Cloud Engineer Jobs
• Solve complex challenges as a trusted technical lead. • Drive a DevOps mindset and collaboration within the Cloud Platform Engineering Team. • Develop and enhance cloud reference architectures and guide teams on implementation. • Participate in architectural decisions, improve CI/CD pipelines, and build secure, high-performing, resilient, and efficient cloud infrastructure. • Collaborate with cross-functional teams to streamline delivery processes, enhance services, and provide a seamless experience through self-service and modern approaches. • Mentor and lead team members to achieve excellence in industry best practices. • Lead code and design reviews for high-quality deliverables. • Help plan and coordinate day-to-day team activities using Scrum methodologies, including monitoring and triaging work, defining and tracking KPIs, facilitating team discussions and demos, and removing impediments. • Stay up to date with the latest cloud technologies and trends.
Cloud Engineer
SOS International - SOSiSOS International - SOSi is a family-owned government services integrator providing a range of specialized services that support the national security interests
Role Description SOSi is seeking a Cloud Engineer to support mission requirements for a structured approach to further develop, integrate, and sustain a scalable, federated data ecosystem that enhances interoperability, governance, and mission-driven analytics for a DoD customer. The primary objective of the program is to bridge the operational gaps between DoD, IC, interagency, and non-traditional international partners to enable real-time information sharing, dynamic data integration, and mission-tailored analytical capabilities. - The contractor shall design, deploy, and maintain secure cloud environments in AWS and Azure, ensuring compliance with DoD cloud security frameworks and best practices. - The contractor shall configure identity and access management (IAM) solutions, enforce role-based access controls (RBAC), and manage cloud security groups and firewalls. - The contractor shall optimize cloud networking configurations, including VPC peering, VPNs, and cross-domain connectivity to ensure secure and efficient cloud operations. - The contractor shall support the development of Infrastructure-as-Code (IaC) solutions using Terraform, CloudFormation, or ARM templates to automate secure cloud deployments. - The contractor shall contribute to the Cloud Security & Performance Optimization Report, detailing cloud security configurations, resource utilization efficiencies, and compliance measures. - The contractor shall track and report Kubernetes and other workload-specific cloud resource usage by Work Order, using GovCloud-native observability tools (e.g., Azure Monitor, AWS CloudWatch, Cost Explorer). - The contractor shall coordinate with other Work Order contractors (e.g., WO-003) to reconcile prepay or reservation usage against actual consumption and provide monthly reports on compute and storage allocation, tagging compliance, and projected costs. - The contractor shall advise the Government on workload placement and optimization strategies across IL2, IL4, and IL5 environments to reduce cost while maintaining performance and security compliance. - The contractor shall provision and maintain IL2, IL4, and IL5 GovCloud infrastructure using native Azure and/or AWS tools where feasible. - The contractor shall implement cloud-native services for monitoring (e.g., CloudWatch, Azure Monitor), cost tracking, and compliance automation to support scalability, security, and chargeback alignment. - The contractor shall provision infrastructure in coordination with other Work Orders. - The contractor shall provision and manage shared container environments and storage for dependent Work Orders, ensuring secure, efficient resource allocation and cross-Work Order operability. Qualifications - Knowledge and capability to design, deploy, and maintain GovCloud-based infrastructures across AWS and Azure, ensuring high availability, scalability, and security for mission-critical applications. - Required expertise includes cloud architecture, networking, virtualization, containerization, and security best practices, with proficiency in Infrastructure-as-Code (IaC) solutions such as Terraform or AWS CloudFormation. - Personnel must have experience in hybrid and multi-cloud configurations, including Virtual Private Cloud (VPC) peering, identity management (IAM), and cross-domain solutions. - Strong expertise in the Authority to Operate (ATO) process is required, including preparing security documentation, conducting compliance assessments, and maintaining continuous monitoring per DoD Risk Management Framework (RMF), NIST 800-53 Rev. 5, FedRAMP, and DoD IL-4/IL-5 security mandates. - Personnel must also optimize cloud resources for compute, storage, and networking efficiency while ensuring full compliance with DoD governance policies. - Bachelor’s degree in Computer Science, Information Systems, or a related field, or five (5) years of equivalent experience in cloud engineering. - Personnel must have experience designing, deploying, and managing AWS and Azure cloud environments with a focus on security, automation, and scalability. - Required expertise includes Identity and Access Management (IAM), role-based access control (RBAC), Zero Trust Architecture (ZTA), and cloud networking configurations such as VPC peering, subnets, VPNs, and security groups. - Personnel must demonstrate proficiency in Infrastructure-as-Code (IaC) tools like Terraform, CloudFormation, or ARM templates, ensuring secure and scalable deployments. - Experience supporting Authority to Operate (ATO) processes is required, including preparing System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action & Milestones (POA&M), and maintaining compliance with DoD governance frameworks and NIST requirements. - Personnel must also collaborate with cybersecurity teams to implement security controls in accordance with FedRAMP, RMF, and DoD IL-4/IL-5 security mandates, while optimizing cloud resource allocation for efficiency. Preferred Qualifications - Preferred certifications include AWS Certified Solutions Architect – Associate, Microsoft Certified: Azure Solutions Architect Expert, and Google Professional Cloud Architect. Work Environment - Offsite/Remote. Clearance Requirement - None Compensation - USD 86568 - USD 179795 yearly
Senior Territory Manager, Veeam Cloud and Service Provider
Veeam SoftwareYour Single Backup and Data Management Platform for Cloud, Virtual and Physical
• Own and achieve a revenue-based sales quota by driving new business acquisition, partner expansion, and recurring revenue growth across the assigned VCSP territory. • Recruit, onboard, and develop new Cloud, Hosting, Managed Service, and Service Provider partners into the Veeam Cloud & Service Provider Program. • Grow strategic partner relationships by identifying new business opportunities, expanding Veeam solution adoption, and increasing cloud service consumption. • Build and execute comprehensive partner business plans covering sales, marketing, enablement, go-to-market initiatives, financial objectives, and growth strategies. • Collaborate with Systems Engineers and regional sales teams to qualify opportunities, deliver technical presentations, and successfully close complex sales engagements. • Engage executive stakeholders to develop trusted advisor relationships and position Veeam as the strategic platform for data resilience and cloud services. • Drive partner enablement by helping providers build differentiated Veeam-powered service offerings that deliver business value to their customers. • Maintain an accurate sales pipeline, forecast, and account activity within Salesforce CRM. • Represent Veeam at partner meetings, executive briefings, regional events, and industry conferences, serving as a trusted advisor and VCSP subject matter expert. • Work cross-functionally with Sales, Channel, Marketing, Product, and Customer Success teams to accelerate partner success and revenue growth.
Cloud Architect – Enterprise AI, Modernization
DevsuDevsu is a technology agency that provides software development services, IT augmentation and staffing.
• Define and maintain enterprise cloud architecture across Azure environments, establishing standards for networking, security, IAM, and resource organisation. • Evaluate and guide platform strategy across Azure, Snowflake, Databricks, and related tooling. • Establish architectural principles for AI-enabled applications, ensuring systems are API-driven, modular, and scalable. • Identify architectural constraints that limit autonomous/agent workflows and create reference patterns for AI-to-production transitions. • Guide the evolution of CI/CD pipelines, including potential GitHub Enterprise migration, ensuring deployment patterns are scalable, secure, and repeatable. • Define application architecture standards (front-end, APIs, services) and implement lightweight governance for AI-generated code before production. • Quantify and manage technical debt across systems, reducing key-person dependencies in infrastructure design.




