Senior Azure Cloud Security Engineer

Location: Arlington, VA

Department: Information Technology

Venture Global LNG (“Venture Global”) is a long-term, low-cost provider of American-produced liquefied natural gas. The company’s two Louisiana-based export projects service the global demand for North American natural gas and support the long-term development of clean and reliable North American energy supplies. Using reliable, proven technology in an innovative plant design configuration, Venture Global’s modular, mid-scale plant design will replace traditional designs as it allows for the same efficiency and operational reliability at significantly lower capital cost.

As a Senior Azure Cloud Security Engineer, you will be the primary architect and administrator for our cloud security posture. You will lead the implementation of a Zero Trust architecture, focusing on identity governance, modern endpoint management, and data protection. This role requires expert-level, hands-on experience in the Microsoft security ecosystem coupled with deep proficiency in best-of-breed third-party tools like CrowdStrike, Splunk, and Tenable. 

Responsibilities

• Design and maintain complex conditional access policies incorporating device compliance, location, and risk-based signals.
• Implement Privileged Identity Management (PIM) to enforce just-in-time (JIT) and just-enough-administration (JEA) for high-impact roles.
• Conduct regular access reviews and manage identity lifecycles for employees, contractors, guests, and service accounts. 
• Configure MDM and MAM policies, including device enrollment restrictions, compliance baselines, and configuration profiles for Windows, macOS, iOS, and Android.
• Oversee patching deployments and automate OS/Application patching cycles to maintain a low vulnerability footprint. 
• Build and tune sensitivity labels for automatic data classification across SharePoint, Teams, and Exchange.
• Develop Data Loss Prevention (DLP) policies to prevent unauthorized data exfiltration. 
• Manage the full suite (Endpoint, Office 365, Identity, and Cloud) to investigate and remediate sophisticated threats.
• Administer CrowdStrike Falcon for advanced EDR/Next-Gen AV and integrate findings into the broader security operations.
• Oversee the ingestion of Azure and M365 logs into Splunk for centralized monitoring, creating custom alerts and dashboards for the SOC. 
• Utilize Tenable Vulnerability Management to perform continuous scanning, prioritize remediation based on business risk, and track the organization's exposure score.
• Harden email security through anti-phishing, anti-impersonation, and safe links/attachments policies.

Qualifications

• Deep knowledge and hands on experience in core components of the Microsoft security and management ecosystem designed for a Zero Trust Approach. Specifically on Azure Entra, Intune and Purview (DLP, eDiscovery, Information Protection, Insider Risk Management) and Azure Conditional Access Policies for automated guardrails.
• Advanced proficiency in PowerShell or Python for automating security tasks and incident response playbooks.
• Expertise in using Proofpoint Targeted Attack Protection (TAP) and Threat Response Auto-Pull (TRAP) to stop phishing and malware.
• Managing the full user lifecycle (joiner, mover, leaver) and automating provisioning/deprovisioning using SailPoint.
• Prior experience with JAMF Pro and JAMF Protect for securing Apple endpoints within an enterprise Azure environment. 
• Bachelor's degree or equivalent experience in Cybersecurity, Computer Science, or Information Systems.
• 7 or more years of professional experience relevant experience supporting enterprise cloud and/or infrastructure environments.
• Certifications: Microsoft Certified Azure Security Engineer Associate (AZ-500) (Preferred).
• SC-100 (Cybersecurity Architect) or CISSP (Highly Preferred). 

Venture Global LNG is an Equal Opportunity Employer. We do not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law.

#LI-Onsite