<p>FedRAMP Cloud Security Engineer : Microsoft Defender for Cloud and Azure Purview to provide view of the FedRAMP posture, Vulnerability & Patch Orchestration for FedRAMP remediation timelines, Secrets & Key Management using manage lifecycle cryptographic keys and service secrets within Azure Key Vault, Azure Sentinel (SIEM) activity within the FedRAMP boundary</p> <p>Job Summary</p> <p>Seeking FedRAMP Cloud Security Engineers (USC, Onshore) to architect and secure Azure environments, enforce NIST 800-53 controls, build compliant networks, manage IAM, automate patching, monitor compliance, respond to incidents, and support audit readiness. Expertise in Terraform/Bicep, Azure Policy, Sentinel, and Key Vault required.</p> <p>Responsibilities</p> <ul> <li> <ul> <li>Architect and secure Azure cloud environments tailored for banking-grade isolation using Virtual Networks (VNets), Hub-and-Spoke architectures, and Azure Firewall/WAF configurations. </li></ul> </li><li> <ul> <li>Enforce NIST 800-53 controls throughout the Azure environment to ensure FedRAMP compliance. </li></ul> </li><li> <ul> <li>Build and maintain compliant network infrastructure, incorporating best practices for security and scalability. </li></ul> </li><li> <ul> <li>Manage Identity and Access Management (IAM), including Azure Active Directory (Entra ID), Conditional Access Policies, Multi-Factor Authentication (MFA), and alignment with FedRAMP PIV/CAC requirements. </li></ul> </li><li> <ul> <li>Automate patching for Virtual Machines and Containers, ensuring timely remediation within strict FedRAMP timelines (30/60/90 days). </li></ul> </li><li> <ul> <li>Monitor continuous compliance using tools like Microsoft Defender for Cloud and Azure Purview, providing oversight of the FedRAMP posture and preventing unauthorised changes post-build. </li></ul> </li><li> <ul> <li>Manage secrets and cryptographic keys lifecycle within Azure Key Vault, including hardware security module (HSM) integration for FedRAMP High requirements. - Respond to security incidents by configuring and managing Azure Sentinel (SIEM) workbooks to detect and alert on anomalous activity within the FedRAMP boundary. </li></ul> </li><li> <ul> <li>Support audit readiness by actively managing the Plan of Action and Milestones (POA&M), collaborating with auditors, and providing automated evidence for annual assessments. - Promote secure code and configuration through the Test Dev </li></ul> </li><li>Prod pipeline, ensuring that security guardrails are inherited at every stage and preventing manual drift. </li><li> <ul> <li>Utilise Terraform/Bicep, Azure Policy, Azure Sentinel, and Azure Key Vault to implement and automate security controls and infrastructure management. </li></ul> </li></ul> <p>Certifications Required</p> <p>Mandatory Skills</p> <p>Microsoft Defender for Cloud and Azure Purview to provide view of the FedRAMP posture - Expert</p> <p>Vulnerability & Patch Orchestration for FedRAMP remediation- Expert</p> <p>Secrets & Key Management using manage lifecycle cryptographic keys and service secrets within Azure Key Vault- Expert</p> <p>Azure Sentinel (SIEM) activity within the FedRAMP boundary- Expert</p> <p>Salary and Other Compensation:</p> <p>The annual salary for this position depends on the experience and other qualifications of the successful candidate.</p> <p>This position is also eligible for Cognizant's discretionary annual incentive program, based on performance and subject to the terms of Cognizant's applicable plans.</p> <p>Benefits: Cognizant offers the following benefits for this position, subject to applicable eligibility requirements:</p> <ul> <li>Medical/Dental/Vision/Life Insurance </li><li>Paid holidays plus Paid Time Off </li><li>401(k) plan and contributions </li><li>Long-term/Short-term Disability </li><li>Paid Parental Leave </li><li>Employee Stock Purchase Plan </li></ul> <p>Please note, this role is not able to offer visa transfer or sponsorship now or in the future.</p> <p>Disclaimer: The benefits information is accurate as of the date of this posting. Cognizant reserves the right to modify this information at any time, subject to applicable law.</p>