The role is a hands‑on Azure Security Engineer position focused on designing, implementing, and maintaining security controls across xAI’s Azure Gov Cloud environment, including hybrid and multi‑cloud scenarios. Responsibilities include building cloud security posture, protecting critical workloads, and collaborating with engineering, DevOps, and compliance teams to embed security throughout the development lifecycle. The engineer will also develop, implement, and leverage Microsoft’s native security tools to detect threats, respond to incidents, and ensure compliance with federal regulations such as FedRAMP and CMMC.
Security Engineer - Azure Government at xAI
Palo Alto, CA; Washington, D.C.
More jobs at xAISalary
USD 100,000 - 258,000
Requirements
Skills
- Active U.S. security clearance (e.g., Secret, Top Secret) or eligibility to obtain one
- 3+ years of experience in cloud security, cybersecurity engineering, or related roles with strong Azure focus
- Deep hands‑on expertise with core Azure security services: Microsoft Defender suite, Sentinel, Intune, Entra ID, Key Vault, Azure Policy, Firewall, Network Watcher, and Purview
- Strong understanding of DLP implementation both in cloud and on endpoints utilizing Purview and other Microsoft native controls
- Experience implementing security in hybrid/multi‑cloud environments
- Proficiency in scripting/automation (PowerShell, Azure CLI, Bicep/ARM templates, Terraform)
- Strong understanding of identity federation, zero‑trust principles, encryption, network security, and vulnerability management
- Familiarity with compliance frameworks (NIST, FedRAMP, CMMC, STIGs, etc.) and regulatory requirements
- Excellent problem‑solving, analytical, and communication skills
- Strong verbal and written communication skills and the ability to stay composed under pressure
Responsibilities
- Implement, design, and manage security architecture for Azure Government and Commercial deployments with DoD IL5/IL6 and FedRAMP High controls
- Configure and optimize Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Defender for Endpoint, and related services for threat detection, vulnerability management, and automated response
- Design and enforce identity & access management using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policies, RBAC, and just‑in‑time access
- Secure network architectures with Azure Firewall, Network Security Groups (NSGs), DDoS Protection, Web Application Firewall (WAF), Network Watcher, and private endpoints
- Protect data at rest and in transit via Azure Key Vault, encryption strategies, data classification, and information protection controls
- Develop and maintain security policies, initiatives, and blueprints using Azure Policy and Microsoft Purview for compliance (NIST, FedRAMP, CMMC, STIGs, etc.)
- Perform threat hunting, incident response, and forensics using Sentinel playbooks, Log Analytics, and KQL queries
- Conduct security reviews of Infrastructure as Code (IaC), containers, Kubernetes (AKS), and serverless workloads
- Collaborate with developers and architects to implement DevSecOps practices, including secure CI/CD pipelines, code scanning, and secure defaults
- Monitor and remediate security findings, reduce attack surface, and improve overall security posture per the Microsoft Cloud Security Benchmark (MCSB)
- Deploy configurations and compliance policies to Azure AVD endpoints using Intune and other Azure native services
Technologies
Microsoft AzureAzure GovernmentMicrosoft Defender for CloudMicrosoft SentinelMicrosoft Defender for EndpointMicrosoft Entra IDPrivileged Identity Management (PIM)Azure FirewallNetwork Security Groups (NSGs)DDoS ProtectionWeb Application Firewall (WAF)Network WatcherAzure Key VaultAzure PolicyMicrosoft PurviewPowerShellAzure CLIBicepARM templatesTerraformKQL
See if your resume is ready for this job
See how our AI can optimize your resume and improve your chances for this role.