🌎Akvelon is an American company with offices in Seattle, Mexico, Ukraine, Poland, and Serbia. Our company is an official vendor of Microsoft and Google. Our clients also include Amazon, Evernote, Intel, HP, Reddit, Pinterest, AT&T, T-Mobile, Starbucks, and LinkedIn. To work with Akvelon means to be connected with the best and brightest engineering teams from around the globe and working with an actual technology stack building Enterprise, CRM, LOB, Cloud, AI and Machine Learning, Cross-Platform, Mobile, and other types of applications customized to client’s needs and processes.
We are seeking an experienced Azure engineer to drive security and compliance remediation across our cloud services. You will identify, prioritize, and close configuration and code-level findings surfaced by cloud security posture tools and internal reviews; implement fixes with Infrastructure as Code (IaC); and harden identity, data, and network paths. Success means reducing risk quickly, sustaining a green posture, and leaving behind reusable patterns that keep it that way.
What You’ll Do
- Own the remediation backlog for assigned services: triage findings, set and track ETAs, and report progress to stakeholders.
- Implement Azure remediations via Policy-as-Code and Infrastructure as Code (Bicep/Terraform), including:
- Enforce TLS 1.2+ for in-transit encryption across applications, data services, and integrations.
- Eliminate credentials in code by adopting Managed Identities and using user-delegation SAS where needed; disable Shared Key authorization when possible.
- Apply and audit Azure Policies and Initiatives aligned with the Microsoft Cloud Security Benchmark; measure and improve security posture using Microsoft Defender for Cloud.
- Execute DevSecOps and secure development lifecycle practices: ensure static analysis and security gates run in CI/CD pipelines; document evidence for audits and reviews.
- Harden identity, data, and network configurations through least-privilege RBAC, private endpoints, Key Vault integration, and secure storage/database access patterns.
- Operationalize fixes by creating runbooks, reusable IaC modules, and monitoring/alerting to ensure remediations persist over time.
Required Qualifications
- 5+ years building/running services on Microsoft Azure (subscriptions, RBAC, VNets/private endpoints, NSGs/Firewall, Key Vault, Storage, App Services/Functions, containers/AKS).
- Strong Infrastructure as Code skills with Bicep and/or Terraform and CI/CD (Azure DevOps or GitHub).
- Demonstrated experience hardening workloads using Managed Identities and modern SAS models, avoiding Shared Key access.
- Hands-on with Microsoft Defender for Cloud (CSPM/CNAPP) or equivalent tooling to track posture, implement policies, and drive remediation.
- Familiar with secure development lifecycle practices and code scanning in pipelines.
- Excellent communication and documentation skills; comfortable driving multi-team efforts.
Preferred Qualifications
- Experience mapping controls to recognized benchmarks (e.g., Microsoft Cloud Security Benchmark) and landing guardrails with Azure Policy.
- Prior work enforcing TLS 1.2+ across applications, databases, and integrations.
- Depth with logging/observability for security validation (Defender for Cloud integrations, policy compliance dashboards).
Work Schedule & Location
Full-time position, flexible schedule (8 hours per day, 40 hours per week)
Hybrid work format
Conditions & Benefits:
- Vision, dental, health general insurance
- 401K retirement system
- Working with or not working with PTO
- Professional growth while attending challenging projects and the possibility to switch your role, master new technologies and skills with company support
- Personal Career Development Plan (CDP)
- Paid external training, conferences, and professional certification that meets the company’s business goals
- Internal workshops & seminars
Don’t miss out on this opportunity! Submit your application today.
