Manager, Cloud Security & Engineering

The Manager, Cloud Security and Engineering is responsible for leading the secure design, governance, and operational oversight of cloud and hybrid environments that protect critical infrastructure and sensitive information assets. This role combines advanced technical expertise with people leadership, guiding a team of security engineers while driving architectural standards, security engineering practices, and risk reduction strategies across Azure, Google Cloud Platform, and hybrid ecosystems. The Manager collaborates closely with infrastructure, compliance, legal, and executive stakeholders to ensure cloud solutions align with enterprise risk tolerance, regulatory obligations, and long term strategic objectives.

Key Responsibilities

• Cloud Security Architecture and Governance
• Define and maintain secure cloud reference architectures, technical standards, and configuration baselines across Azure, GCP, and hybrid environments.
• Establish hardened deployment patterns aligned with CIS benchmarks, NIST SP 800 controls, CMMC requirements, and ISO 27001 principles.
• Oversee secure design reviews for new cloud initiatives, modernization efforts, and migration programs to ensure resilience, scalability, and defense in depth.

Operational Security Leadership

• Direct daily cloud security operations, including oversight of monitoring, configuration management, vulnerability remediation, and platform hardening.
• Act as the senior escalation point for complex security incidents and technical risk decisions.
• Ensure operational processes are measurable, repeatable, and aligned with defined service level objectives.

Identity and Access Governance

• Oversee enterprise identity architecture and access governance across Microsoft Entra ID, Google Cloud Identity, and integrated on premises systems.
• Implement and enforce least privilege access models, conditional access strategies, privileged identity management, and lifecycle governance controls to strengthen audit readiness and reduce unauthorized access risk

Network and Infrastructure Protection

• Provide leadership over secure connectivity architecture, segmentation strategies, and cloud perimeter defense controls.
• Ensure proper implementation and tuning of Network Security Groups, Azure Firewall, Web Application Firewalls, and next generation firewall technologies to safeguard workloads and data flows across interconnected environments.

Endpoint and Platform Security

• Lead the development and enforcement of endpoint security standards across Windows, macOS, iOS, and Android platforms.
• Oversee device compliance enforcement, configuration baselines, and threat protection strategies using enterprise security tools to maintain consistent security posture across user and server assets.

Data Security and Regulatory Alignment

• Design and implement enterprise data protection strategies including classification, labeling, encryption, and data loss prevention capabilities.
• Partner with governance and compliance teams to maintain adherence to contractual and regulatory frameworks including CMMC, DFARS, ITAR, HIPAA, and GDPR.
• Support internal and external assessments through evidence validation and control maturity documentation.

Threat Detection and Risk Management

• Provide strategic oversight of SIEM and extended detection and response platforms to enhance visibility and reduce dwell time.
• Lead coordinated response efforts, root cause analysis, and continuous improvement initiatives following security events.
• Conduct recurring risk assessments and threat modeling exercises to proactively identify emerging vulnerabilities.

Documentation and Standard Operating Procedures

• Develop, formalize, and maintain comprehensive standard operating procedures, technical runbooks, incident response playbooks, and configuration standards.
• Ensure documentation reflects current architecture, regulatory obligations, and operational workflows.
• Drive adoption of documented processes to promote consistency, accountability, and audit defensibility across the security engineering function.

Stakeholder Engagement and Program Delivery

• Partner with business leaders and technology teams to align security initiatives with enterprise priorities.
• Provide executive level reporting on cloud security posture, risk metrics, and remediation progress.
• Evaluate emerging technologies and recommend solutions that enhance security effectiveness and operational efficiency.

Qualifications

• US Citizenship Required 
• Must possess, and be able to maintain a Top Secret (TS) Clearance 

Minimum Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, or a related discipline.
• A minimum of five years of progressive experience in cybersecurity or cloud security engineering, including at least three years of direct hands on experience designing and securing Azure, Google Cloud Platform, or hybrid cloud architectures.
• At least two years of demonstrated team leadership experience, including technical oversight, workload prioritization, mentorship, and accountability for deliverables.
• Proven experience implementing cloud security controls, identity governance frameworks, infrastructure protection mechanisms, and regulatory compliance programs.
• Demonstrated experience authoring and maintaining formal standard operating procedures, security policies, and technical documentation in regulated environments.

Preferred Qualifications

• Seven or more years of experience in cloud security or cybersecurity engineering.
• Advanced certifications such as CISSP, CCSP, CISM, Microsoft Azure Security Engineer Associate, Cybersecurity Architect, CompTIA Security+, CASP+, or demonstrated CMMC and NIST implementation expertise.
• Project leadership certification such as PMP is desirable.

What we offer 

• The salary range for this role is $140,000 to $160,000 commensurate with experience and qualifications  
• Opportunity for hybrid work 
• A competitive salary and benefits package 
• A casual, friendly, and relaxed work environment 
• Professional growth encouragement and support 

Industrial Security Integrators, LLC (“IsI”) is an equal opportunity employer committed to affirmative action and diversity in the workplace. It is the policy of IsI to provide Equal Employment Opportunities (EEO) to Employees and Applicants, without regard to race, color, religion, sex, age, marital status, citizenship status, national origin, sexual orientation, gender identity, veteran status or disability or any other factor protected by law and to provide advancement opportunities for minorities, women, disabled individuals, and veterans. IsI is stronger and more effective when our workforce includes highly qualified individuals with diverse backgrounds, cultures, and traditions.

IsI Enterprises does not accept unsolicited resumes from individual recruiters or third party recruiting agencies in response to job postings or otherwise. Placement fees will not be paid to any recruiter unless IsI has an active agreement in place with the recruiter and such a request has been made by the IsI hiring team and such candidate was submitted to the IsI hiring team via our Applicant Tracking System. Any unsolicited resumes or other data submitted to IsI in violation of this policy may be used by IsI without obligation to pay any fees of any kind to the recruiter.