Since 1933, Heath Consultants Incorporated has been the leading provider of services and equipment to the natural gas and utility industry. Heath develops and manufactures its equipment in its own world-class facility located in Houston, TX.
The Senior Cloud Security Engineer is responsible for protecting the organization’s systems, data, and infrastructure by implementing and maintaining effective security controls across on-premises and cloud environments. This role collaborates with IT and cybersecurity teams in incident response efforts, monitors for threats, and supports the enforcement of security policies and procedures aligned with industry standards such as NIST, SOC 2, and CIS Benchmarks. The ideal candidate has strong expertise in cloud security, Identity and Access Management (IAM), data protection, and DevSecOps, with a preference for experience in Microsoft Azure environments. Hands-on knowledge of Web Application Firewalls (WAFs), firewall configuration, and network security is essential for securing enterprise assets in both hybrid and cloud-native architectures.
Key Responsibilities
Identity & Access Management (IAM)
•Manage and optimize Azure AD, Entra ID, and identity governance frameworks.
•Implement and maintain role-based access control (RBAC), conditional access, and privileged identity management (PIM).
•Manage user access rights, permissions, and privileges across systems and applications.
•Ensure adherence to the principle of least privilege and regularly review and update access policies.
•Integrate IAM solutions across enterprise applications and services.
Data Security & Compliance
•Design and enforce data security controls including encryption, DLP (e.g., Microsoft Purview), classification, and tokenization.
•Conduct risk assessments and align data handling with NIST CSF, SOC 2, CIS Benchmarks, and internal compliance standards.
•Implement and maintain data governance policies across Microsoft and hybrid platforms.
•Administer and maintain security tools and technologies related to data protection.
•Assist in preparing for and participating in security audits and assessments, maintaining internal security trackers.
•Maintain detailed records of security activities, incidents, and remediation efforts.
•Generate regular security reports for management review.
Cloud Security & Infrastructure Protection
•Secure Azure cloud workloads including VMs, containers, serverless, and PaaS environments.
•Implement and manage WAFs (Azure WAF, Cloudflare, or equivalent) and next-generation firewalls (e.g., Palo Alto, Azure Firewall).
•Monitor and improve security posture using Microsoft Defender for Cloud, Sentinel, and Azure Security Center.
•Conduct continuous cloud security assessments, vulnerability assessments, and threat modeling for Azure and hybrid systems.
•Research and recommend cloud security enhancements and improvements.
DevSecOps & Automation
•Embed security controls into CI/CD pipelines using Azure DevOps or GitHub Actions.
•Integrate automated code scanning, secrets detection, and container security tools.
•Enforce secure Infrastructure-as-Code (IaC) practices using tools like Terraform, Bicep, and ARM templates.
•Validate configurations using policy-as-code solutions (e.g., Azure Policy, OPA).
•Participate in the development and implementation of best practices and security standards for DevOps environments.
Security Operations & Incident Response
•Administer and maintain security systems, including SIEM, IDS/IPS, antivirus, and encryption technologies.
•Configure and tune SIEM/XDR tools (Microsoft Sentinel, Defender XDR) for proactive security monitoring.
•Monitor security logs and alerts, investigate anomalies, and collaborate in incident response efforts.
•Develop and maintain an incident response plan; coordinate and document response efforts during security incidents.
•Contribute to forensic analysis and root cause investigations; document incidents and recommend remediation strategies.
•Conduct routine security system audits and manage follow-ups on identified risks.
Governance, Risk & Compliance (GRC)
•Develop, update, and enforce security policies, procedures, and standards aligned with business and regulatory needs.
•Collaborate with IT and business teams to ensure security measures support organizational goals and operations.
•Promote a culture of security awareness by organizing and conducting employee training sessions on best practices.
•Maintain up-to-date knowledge of IT security trends, threats, and regulatory changes.
Perform other related duties as assigned.
Competencies
•Information Security Compliance & Regulatory Adherence.
•CIS Benchmark Implementation & Hardening Standards
•Cybersecurity Risk Assessment & Management.
•Secure Coding Practices & Development Standards
•Cybersecurity Support & Customer Engagement.
•Secure Software Development Lifecycle (SDLC)
•Secure Automation, Testing, and Deployment
•Threat Detection, Analysis, and Response.
•Identity and Access Management (IAM) Solutions
•Security Monitoring, Metrics, and Reporting.
Knowledge, Skills, And Experience
•A bachelor’s degree in Computer Science, Information Technology, Information Security, or a related field is required.
•Minimum of five years of experience in a security engineering or cloud security role
•Experience with Azure Cloud Environment including Microsoft 365
•Proven experience managing WAFs, firewalls, and cloud-native security tools
•Familiarity with scripting or automation (PowerShell, Python, Bash).
•Strong knowledge of IAM, DevSecOps, and data security in cloud environments.
•Experience preparing Risk Assessments for software and systems.
•Experience with computer network penetration testing, techniques and remediations
•Understanding of SIEM, antivirus, and IDPS concepts
•Knowledge of the NIST Framework, SDLC lifecycle, and secure code analysis
Work Environment And Physical Requirements
•Dependable, with flexibility to work weekends, evenings, nights, and holidays.
•Heath’s IT is a 24/7/365 department: when an employee needs assistance, they will be provided with the proper channels based on normal working hours, expanded working hours, or emergency support hours.
•Hybrid work schedule (3 days onsite)
•Sitting for extended periods.
•Dexterity of hands and fingers to operate a computer keyboard, mouse, power tools, and to handle other computer components.
•Occasional inspection of cables in floors and ceilings.
•Lifting and transporting of moderately heavy objects, such as computers and peripherals.