Based in San Ramon, California, CMG Financial is a privately held banking and mortgage firm with operations in most U.S. states. An equal housing lender, CMG Financial specializes
Senior DevOps Engineer
Location
United States
Posted
10 days ago
Salary
0
Seniority
Senior
No structured requirement data.
Job Description
Senior DevOps Engineer
CMG Financial
Role Description CMG Financial is hiring a Security Engineer for our cloud environment to help secure our Azure-primary cloud and the hybrid environment that supports one of the nation's largest privately held mortgage lenders. Working within the Information Security team, you will harden cloud posture, tighten identity and access, and build the detection and automation that keep our environment defensible. This role is built for growth: you will own meaningful cloud security work from the start and expand your scope and depth over time. It operates in a highly regulated lending environment, subject to regulatory examinations and investor and agency audits. - Operate and tune Microsoft Defender for Cloud (CSPM/CNAPP) across Azure subscriptions, remediating misconfigurations and excessive access. - Enforce preventative guardrails with Azure Policy and benchmark configuration against CIS Benchmarks and the NIST Cybersecurity Framework. - Apply least-privilege access in Microsoft Entra ID using Azure RBAC, PIM, and Conditional Access, and run periodic access reviews and attestations. - Use Microsoft Purview and Defender for Cloud data-aware posture (DSPM) to classify and protect sensitive cloud data. - Embed security into Terraform and GitHub Actions pipelines, including IaC scanning, policy-as-code, and secrets management. - Support threat modeling and secure design reviews for new and changing cloud workloads. - Engineer Microsoft Sentinel data ingestion (data connectors, Data Collection Rules and Endpoints) and build detections. - Integrate Microsoft Defender for Cloud and Defender XDR signals into Sentinel for unified detection and response. - Support cloud threat hunting, incident response, and automation of enrichment and remediation. - Map cloud controls to recognized frameworks and produce control evidence for regulatory examinations and investor and agency audits. Qualifications - Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience. - 3+ years in cloud security or cloud engineering, including hands-on Microsoft Azure security. - Core Cloud Security Skills (Azure): Microsoft Defender for Cloud, Azure Policy, and Microsoft Entra ID (Azure RBAC, PIM, Conditional Access). - Cloud security posture management (CSPM/CNAPP), with the ability to find and remediate misconfigurations and excessive access. - DevSecOps and Automation: Infrastructure-as-Code with Terraform and CI/CD security in GitHub Actions. - Scripting and automation with Python, PowerShell, and KQL. Using GenAI to generate and validate scripts is welcomed and approved. - Detection and Monitoring: Microsoft Sentinel, including Log Analytics ingestion (data connectors, DCR/DCE). - Security architecture, design review, and threat modeling, with working knowledge of NIST CSF and CIS Benchmarks. Requirements - Preferred Certifications: AZ-500, SC-100, or a relevant GIAC credential (GCSA, GCDA, or GCFR). - Nice to Have: Hands-on AWS security (the role is Azure-primary; AWS is a plus). - GitHub Advanced Security (GHAS); container and Kubernetes (AKS) security. - Secrets and key management (Azure Key Vault). - Experience in financial services, mortgage, or other highly regulated industries, including producing audit and examination evidence. Physical and Environmental Conditions This role operates in an ADA compliant office environment, utilizing typical office equipment and tasks including computer work. The position may involve partial stationary positions and moving throughout the day. Flexibility to work overtime to meet project deadlines is required. Base Compensation Information This role is a remote position that is currently allocated for candidates within geographic regions that do not currently require base wage disclosure. The compensation range for this position will be provided upon request. (Due to their geographic location, residents of the states of CA & CO, and for NY are excluded from this role at this time.)
Related Guides
Related Categories
Related Job Pages
More DevOps Engineer Jobs
DevSecOps Engineer
Casa Inc.Casa helps people store bitcoin and ethereum by empowering them to own, secure, and manage their private keys easily.
• Handle internal security requests and make sure employees have the tools and access they need without over-provisioning • Ensure that employees have access to the tools and systems they need while maintaining least privilege access principles • Onboard and offboard employees across internal systems • Oversee our MDM system and stay on top of alerts • Review and assess new technologies (tools, code frameworks, third-party providers, internal apps) through a security lens • Help shape and refine security best practices across the org • Triage and work through vulnerabilities surfaced by pen testing, static analysis, responsible disclosures, and automated alerts • Keep security documentation and training materials fresh and useful • Automate security processes and alerts wherever you can find the leverage • Participate in a shared on-call rotation for critical production security issues • Stay abreast of the latest security events and trends • Participate in regular security training and certification acquisition • Ensure our software development lifecycle remains secure as we continue to evolve its processes. • Write infrastructure-as-code to automate deployment and management using Terraform, Ansible, or similar tools • Stay current on emerging threats, security trends, and what's happening across our stack and industry • Investigate and resolve infrastructure incidents to keep things running smoothly
Senior Site Reliability Engineer, SRE
OowlishWe make innovation simple, convenient and right...we just make it HAPPEN
• Own the reliability, availability, and operational excellence of business-critical production systems. • Define how reliability is measured. • Lead incident response during production outages. • Drive observability strategy. • Continuously improve operational practices across high-availability environments. • Managing SLOs and leading major incidents.
Google Workspace Deployment Engineer
66degrees66degrees is an end-to-end AI transformation partner that guides enterprises from complex business challenges to clear, quantifiable outcomes. Our company is the culmination of several successful firms, each a leader in its own right in cloud, artificial intelligence, and data. This convergence of talent and expertise is how we help businesses reach their own "inflection point," where chaotic data becomes a strategic asset, complexity becomes clarity, and AI becomes an engine for growth. Our ultimate vision is to be the catalyst for a future where every business operates as an intelligent enterprise, with autonomous systems unlocking human potential. At 66degrees, we believe in thriving through challenges and winning together. These values not only guide us in achieving our goals as a company but also for our people. We are dedicated to creating a significant impact for our employees by fostering a culture that sparks innovation and supports professional and personal growth along the way.
• Implement, and support Google Workspace small to mid deployments and migrations. • Assist in the design, implementation, and support Google Workspace Enterprise deployments and migrations. • Participate in technical discussions with customer executives that drive decisions and implementation • Manage cloud networking services and connect to client networks • Execute tasks related to SaaS configuration, development and integrations • Configure and manage Cloud Platform services and APIs • Develop custom scripts as necessary using Powershell, Python or Appscript • Train our clients’ end users and their technical personnel as required per project scope • Write technical documentation for deployed solutions that includes end-user guides and process manuals • Write, Contribute, Publish content to our LMS for Google Workspace content • Ability to travel to client sites as needed and requested
• Build and manage Azure resources (VNets, Load Balancers, Key Vault, Container Registry, etc.) through Terraform and Bicep. • Support deployment, scaling, and troubleshooting of AKS clusters. • Implement and enhance pipelines in GitHub Actions and Azure DevOps, integrating automated testing and security scanning. • Contribute to GitOps workflows using ArgoCD or Flux for consistent deployments. • Improve metrics, alerting, and dashboards via Prometheus, Grafana, ELK, and Azure Monitor. • Develop automation scripts (Python, Bash, PowerShell) for infrastructure, CI/CD, and operational processes. • Participate in production incident management, troubleshooting, and blameless postmortems. • Collaborate with development and QA teams to implement DevOps best practices and self-service capabilities.




