Senior Security Engineer

About Nerdio

At Nerdio, our mission is to simplify the lives of IT professionals and maximize their Microsoft cloud and end user computing investments. 

We support organizations of all sizes looking to deploy, manage, and cost-optimize native Microsoft technologies. We partner with Enterprises and Managed Service Providers all over the world to add value on top of their existing native Microsoft investments like Azure Virtual Desktop (AVD), Windows 365, and Microsoft Intune. 

Created in 2016, Nerdio has always taken a market-leading and collaborative approach to cloud deployment and management. In fact, our product roadmap is greatly influenced by the regular feedback we receive from having seen companies deploy AVD into production environments several thousand times using Nerdio technology. 

Today, Nerdio is used in over 50 countries by more than 15,000 organizations of every size and vertical. We’re committed to delivering exceptional service and support, which starts with identifying and supporting the best staff possible. 

We are a fast-moving, nimble company looking for individuals who are collaborative, empathetic, driven and who love to move at the speed of light. If you want to be part of the AVD transformation that Microsoft and Nerdio are leading, then we want to speak with you.

About the role

We are seeking a threat-driven, execution-focused Senior Security Engineer to lead implementation of security controls across Azure-native infrastructure, pipelines, and identity ecosystems. This role is critical in embedding security at every layer of the cloud environment, ensuring that designs align with adversarial threat models, resilience goals, and assurance requirements. The ideal candidate will bring deep hands-on knowledge of Azure security services, policy enforcement, CI/CD hardening, and control validation — with a mindset tuned to both architectural context and operational truth. 

What you'll do

• Translate threat modeling outputs into implemented and validated controls across Azure services, Entra ID, API integrations, and developer pipelines. 

• Engineer secure CI/CD workflows including runner isolation, signed artifacts, Terraform policy enforcement, and verified deployment provenance. 

• Build, automate, and manage sandbox and ephemeral environments for secure testing, adversary emulation, and zero-trust workload isolation. 

• Deploy and enforce Azure Policy, Azure Defender, and built-in control sets across subscriptions — including remediation, exemptions, and governance reporting. 

• Implement and maintain secrets management, rotation, and audit enforcement using Azure Key Vault and pipeline-integrated controls. 

• Operationalize Privileged Identity Management (PIM) for just-in-time access, session logging, and least privilege enforcement across Entra ID and integrated SaaS tools. 

• Harden email, identity, and domain protections using Microsoft 365 Security Center, Exchange Online Protection, SPF/DKIM/DMARC, and impersonation defenses. 

• Review and secure internal and client-facing APIs, including OAuth2 flows, RBAC, token handling, and input validation. 

• Design and manage detection and telemetry pipelines using Azure Monitor, Application Insights, and Defender for Cloud. 

• Collaborate with architects, red teams, platform engineers, and legal/governance stakeholders to align controls with risk, compliance, and strategic direction. 

• Produce assurance artifacts (e.g., automated tests, policy drift detectors, runtime validations) to prove control integrity and readiness. 

Qualifications

• 8–12+ years in security engineering or DevSecOps roles with strong focus on Azure security controls. 

• Deep experience implementing and enforcing Azure Policy (built-in and custom), including remediation logic and policy sets. 

• Hands-on expertise with Terraform, GitHub Actions, and HashiCorp Sentinel policies in secure infrastructure provisioning. 

• Proficiency in Azure-native monitoring, threat detection, and advisory platforms (Defender for Cloud, App Insights, Azure Advisor, Azure Resource Graph). 

• Strong background in secure pipeline design and integration with Intune, Entra ID, and Microsoft 365 Security stack. 

• Familiarity with DLP strategy implementation across Microsoft 365 and Azure workloads. 

• Experience with scripting and automation (PowerShell, Python, Bash) and infrastructure-as-code patterns. 

• Understanding of the Cloud Control Matrix (CCM), NIST 800-53, SOC 2, and CIS Benchmarks as they apply to Azure environments. 

• Working knowledge of Zero Trust principles and experience deploying Azure-native access segmentation or ZTNA solutions (e.g., Zscaler integrated with Entra ID). 

Key Competencies

• Security-first builder, driven by real threats and measurable control impact. 

• Expert in Azure-native security services with practical understanding of limitations and design tradeoffs. 

• Strong operational judgment—understands how to secure while supporting agility and business need. 

• Comfortable operating across cloud, identity, and development domains to ensure control implementation is complete and auditable. 

• Clear communicator and team collaborator, capable of aligning engineers, architects, and compliance functions on shared goals. 

Benefits and Incentives

• Competitive Base + Incentive Plan
• Stock Options
• Health and Welfare Plans*
• Life and Disability Plans*
• Retirement Plan*
• Unlimited Flexible Paid Time Off......including your birthday off!
• Collaborative Team Culture

* Benefits for international employees, outside the US, vary by country. 

Nerdio is committed to a diverse and inclusive workplace. Nerdio is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.