Cloud Security Engineer (m/f/d)
Role: Cloud Security Engineer (Microsoft Azure / M365)
Location: Riyadh, Saudi Arabia
Contract: 12 months (extendable)
Client:
A leading Middle East-based cybersecurity and risk management solutions provider, focused on protecting critical digital assets and infrastructure across the GCC, delivering projects for government entities.
Job Description:
Role Summary:
The Cloud Security Engineer will provide hands-on technical expertise in the deployment, implementation, and operation of security controls across Microsoft Azure and Microsoft 365 environments for a government end client. The role focuses on deployment execution, migration support, identity and data security, and operational incident response, working within a large support team without requiring senior architectural input.Key Responsibilities:
• Serve as the hands-on technical engineer for Microsoft security stack deployment and cutover activities.• Deploy and configure Microsoft Defender for Cloud (workload protections, secure score, compliance dashboards) and Microsoft Sentinel (analytics rules, KQL queries, workbooks, playbooks).
• Implement Azure Policy (custom initiatives, assignments, exemptions, remediation) and network security controls (NSGs, Azure Firewall, Private Endpoints, WAF, DDoS).
• Coordinate directly with:
o Government end client IT & security teams
o Internal cloud architects and delivery teams
o Third-party security tool vendors
o Presales and delivery leadership
• Configure and manage Entra ID security including Conditional Access policies, Privileged Identity Management (PIM), identity governance, and service principals/managed identities.
• Implement Microsoft Purview controls (DLP policies, sensitivity labels, retention) and encryption via Azure Key Vault, disk encryption, and TLS.
• Support migration of applications across domains or Entra ID tenants, implementing security controls for migrated workloads.
• Integrate and manage third-party security tools with the Microsoft stack, ensuring logging and monitoring feed into Sentinel.
• Monitor and respond to alerts from Defender for Cloud, Sentinel, and M365 Defender; perform triage and escalation.
Required Technical Expertise:
• Minimum 5–6 years of experience in IT/security, with at least 3 years in hands-on Azure security engineering.• Deep knowledge of Microsoft security stack:
o Microsoft Defender for Cloud
o Microsoft Sentinel (KQL, analytics rules, workbooks, playbooks)
o Azure Policy (custom initiatives, assignments, remediation)
o Entra ID (Conditional Access, PIM, identity governance, service principals)
o Microsoft Purview (DLP, sensitivity labels, retention)
o Azure Key Vault (secrets, keys, certificates)
• Understanding of:
o Network security controls (NSGs, Azure Firewall, Private Endpoints, WAF, DDoS)
o Domain-to-domain or tenant-to-tenant migration
o Data encryption (disk encryption, TLS)
o Third-party security tool integration
• Proven track record in cloud security deployment or migration projects involving government or regulated environments.
• Experience with Infrastructure-as-Code (Terraform or Bicep) preferred but not mandatory.
Preferred Certifications:
• Microsoft AZ-500 (Azure Security Engineer Associate) – strongly preferred• Microsoft SC-200 (Security Operations Analyst)
• Microsoft SC-300 (Identity and Access Administrator)
• Microsoft MS-500 (M365 Security Administrator)
Halian Group:
With over 28 years of experience, we have come to understand that innovation is the only way to provide agile, practical solutions that transform businesses and careers.
Our resourcing and smart services help you to realize tomorrow's potential. Discover the amazing things possible when you bring the right people and the right technologies together.
At Halian, we recognize that diversity, equity, and inclusion (DEI) are essential to building high-performing teams for our clients. We are committed to connecting organizations with top talent from all backgrounds, ensuring that every individual feels valued, respected, and empowered to contribute their unique perspectives. We encourage applications from all qualified candidates, regardless of race, gender, disability, or any other characteristic that makes them unique. By fostering diverse and inclusive workplaces, we help our clients drive innovation, enhance collaboration, and better reflect the communities they serve.
#LI-JJ1