Lastly, you will be required to both achieve and maintain compliance with government regulations such as FedRAMP and CMMC.Key Responsibilities:Implement, design, and manage security architecture for Azure Government and Commercial deployments (with considerations for DoD IL5\IL6 and FedRAMP High controls)Configure and optimize Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Defender for Endpoint, and related services for threat detection, vulnerability management, and automated responseDesign and enforce identity & access management using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policies, RBAC, and just-in-time accessSecure network architectures with Azure Firewall, Network Security Groups (NSGs), DDoS Protection, Web Application Firewall (WAF), Network Watcher, and private endpointsProtect data at rest and in transit via Azure Key Vault, encryption strategies, data classification, and information protection controlsDevelop and maintain security policies, initiatives, and blueprints using Azure Policy and Microsoft Purview for compliance (NIST, FedRAMP, CMMC, STIGs, etc.)Perform threat hunting, incident response, and forensics using Sentinel playbooks, Log Analytics, and KQL queriesConduct security reviews of Infrastructure as Code (IaC), containers, Kubernetes (AKS), and serverless workloadsCollaborate with developers and architects to implement DevSecOps practices, including secure CI/CD pipelines, code scanning, and secure defaultsMonitor and remediate security findings, reduce attack surface, and improve overall security posture per the Microsoft Cloud Security Benchmark (MCSB)Deploy configurations and compliance policies to Azure AVD endpoints using Intune and other Azure native services. Required Qualifications:Active U.S. security clearance (e.g., Secret, Top Secret) or eligibility to obtain one.3+ years of experience in cloud security, cybersecurity engineering, or related roles (with strong Azure focus)Deep hands-on expertise with core Azure security services: Microsoft Defender suite, Sentinel, Intune, Entra ID, Key Vault, Azure Policy, Firewall, Network Watcher, and PurviewStrong understanding of DLP implementation both in cloud and on endpoints utilizing Purview and other Microsoft native controlsExperience implementing security in hybrid/multi-cloud environmentsProficiency in scripting/automation (PowerShell, Azure CLI, Bicep/ARM templates, Terraform)Strong understanding of identity federation, zero-trust principles, encryption, network security, and vulnerability managementFamiliarity with compliance frameworks (NIST, FedRAMP, CMMC, STIGs, etc.) and regulatory requirementsExcellent problem-solving, analytical, and communication skillsStrong verbal and written communication skills and the ability to stay composed under pressure.