CMG Financial

IT Security Engineer - Cloud

CMG Financial  •  United States (Hybrid)  •  2 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

CMG Financial is hiring a Security Engineer for our cloud environment to help secure our Azure-primary cloudand the hybrid environment that supports one of the nation's largest privately held mortgage lenders. Workingwithin the Information Security team, you will harden cloud posture, tighten identity and access, and build thedetection and automation that keep our environment defensible. This role is built for growth: you will ownmeaningful cloud security work from the start and expand your scope and depth over time. It operates in ahighly regulated lending environment, subject to regulatory examinations and investor and agency audits.

ESSENTIAL DUTIES and RESPONSIBILITIES,includes the following responsibilities, but not limited to

  • Operate and tune Microsoft Defender for Cloud (CSPM/CNAPP) across Azure subscriptions, remediatingmisconfigurations and excessive access.
  • Enforce preventative guardrails with Azure Policy and benchmark configuration against CIS Benchmarks andthe NIST Cybersecurity Framework.
  • Apply least-privilege access in Microsoft Entra ID using Azure RBAC, PIM, and Conditional Access, and runperiodic access reviews and attestations.
  • Use Microsoft Purview and Defender for Cloud data-aware posture (DSPM) to classify and protect sensitivecloud data.
  • Embed security into Terraform and GitHub Actions pipelines, including IaC scanning, policy-as-code, andsecrets management.
  • Support threat modeling and secure design reviews for new and changing cloud workloads.
  • Engineer Microsoft Sentinel data ingestion (data connectors, Data Collection Rules and Endpoints) and builddetections.
  • Integrate Microsoft Defender for Cloud and Defender XDR signals into Sentinel for unified detection andresponse.
  • Support cloud threat hunting, incident response, and automation of enrichment and remediation.
  • Map cloud controls to recognized frameworks and produce control evidence for regulatory examinationsand investor and agency audits.

REQUIRED QUALIFICATIONS:

Education and Experience

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience.
  • 3+ years in cloud security or cloud engineering, including hands-on Microsoft Azure security.

Core Cloud Security Skills (Azure)

  • Microsoft Defender for Cloud, Azure Policy, and Microsoft Entra ID (Azure RBAC, PIM, Conditional Access).
  • Cloud security posture management (CSPM/CNAPP), with the ability to find and remediate misconfigurations and excessive access.

DevSecOps and Automation

  • Infrastructure-as-Code with Terraform and CI/CD security in GitHub Actions.
  • Scripting and automation with Python, PowerShell, and KQL. Using GenAI to generate and validate scripts iswelcomed and approved.

Detection and Monitoring

  • Microsoft Sentinel, including Log Analytics ingestion (data connectors, DCR/DCE).
  • Security architecture, design review, and threat modeling, with working knowledge of NIST CSF and CISBenchmarks.

Preferred Certifications

  • AZ-500, SC-100, or a relevant GIAC credential (GCSA, GCDA, or GCFR).

Nice to Have

  • Hands-on AWS security (the role is Azure-primary; AWS is a plus).
  • GitHub Advanced Security (GHAS); container and Kubernetes (AKS) security.
  • Secrets and key management (Azure Key Vault).
  • Experience in financial services, mortgage, or other highly regulated industries, including producing audit and examination evidence.

SUPERVISORY RESPONSIBILITIES:

Direct Reports:N/A

PHYSICAL and ENVIRONMENTAL CONDITIONS

This role operates in an ADA compliant office environment, utilizing typical office equipment and tasks including computer work. The position may involve partial stationary positions and moving throughout the day. Flexibility to work overtime to meet project deadlines is required.

Base Compensation Information– This role is a remote position that is currently allocated for candidates within geographic regions that do not currently require base wage disclosure. The compensation range for this position will be provided upon request. (Due to their geographic location, residents of the states of CA & CO, and for NY are excluded from this role at this time)

CMG Financial

About CMG Financial

Nationwide mortgage lender with Correspondent, Wholesale, and Retail origination channels. NMLS ID# 1820 (www.nmlsconsumeraccess.org)

Throughout the mortgage industry, CMG Financial is known for its innovation of product and continued investment in technology. From HomeFundIt, the down payment gifting platform to the All In One Loan, the smarter way to borrow, CMG develops mortgage solutions that serve the needs of every borrower.

CMG Financial holds federal agency lending approvals with HUD, VA, RHS, GNMA, FNMA and FHLMC and makes its products and services available through three distinct origination channels: Retail, Correspondent, and Wholesale Lending. Team CMG specializes in all new purchase and refinance mortgage needs and act as financial counselors to help borrowers make informed decisions. Find out what “Every Customer, Every Time. No Exceptions, No Excuses.” means to us!

This site is not authorized by the New York State Department of Financial Services. No mortgage loan applications for properties located in the state of New York will be accepted through this site.

Industry
Finance & Insurance
Company Size
1,001-5,000 employees
Headquarters
San Ramon, CA
Year Founded
1993
Website
cmgfi.com
Social Media