Overview

We are seeking a hands-on Azure Security Engineer to focus on fixing security gaps across the Azure cloud environment. In this technical role, you will specialize in vulnerability remediation, AKS hardening, and network isolation using private connectivity and automated pipelines to strengthen our overall cloud security posture.

Responsibilities

  • Resolve security recommendations within Microsoft Defender for Cloud and execute technical fixes (patching, config changes, policy deployments) to drive up the Azure Secure Score
  • Harden Azure Kubernetes Service (AKS) clusters using CIS Benchmarks
  • Implement Kubernetes Network Policies to restrict pod-to-pod communication
  • Enforce identity security using Managed Identities, OIDC, and Entra ID integration
  • Manage and remediate Kubernetes YAML manifests, ensuring Pod Security Standards (PSS) and resource limits are enforced
  • Secure Azure Container Registry (ACR) by implementing Private Endpoints, disabling public access, and managing image signing via Content Trust
  • Set up lifecycle policies to automatically purge vulnerable or outdated container images
  • Embed security scanning (SAST/SCA) into Azure DevOps CI/CD pipelines
  • Leverage Infrastructure as Code (Terraform, Bicep, or ARM) to automate the deployment of secure network patterns and NSG rules
  • Manage Network Security Groups (NSGs) and ASGs using the principle of least privilege
  • Deploy and manage Azure Private Links and Private Endpoints to ensure PaaS services (SQL, Storage, Key Vault, Cosmos DB) are not exposed to the public internet
  • Remediate "Public Access Enabled" alerts by migrating resources to private networking backbones

Requirements

  • 4+ years of experience working with the Azure Cloud Platform
  • Proficiency in Microsoft Defender for Cloud, Azure WAF, and Azure Key Vault
  • Expertise in Azure Pipelines and ACR Management, including embedding automated security gates (SAST/SCA/IaC Scanning) into Azure DevOps CI/CD pipelines
  • Hands-on experience with AKS and ACR security
  • Strong skills in PowerShell or Azure CLI for bulk remediation tasks
  • Understanding of VNet Peering, NSG/UDR configuration, and Private Endpoint implementation
  • Capability to write and remediate Terraform or Bicep code
  • English proficiency at a B2 level to ensure effective communication and documentation

Nice to have

  • Certifications: AZ-500 (Azure Security Engineer Associate), AZ-400 (Azure DevOps Engineer)
  • Familiarity with Azure CLI and Azure Pipelines
  • Knowledge of Bicep
  • Background in Terraform

Ukraine

With us you can:

  • Work on a flexible schedule remotely or from any of our comfortable offices or coworking spaces in Ukraine
  • Receive the necessary equipment to perform your work tasks
  • Change projects and technology stacks within EPAM
  • Gain experience in various business domains (Insurance, E-commerce, Healthcare, Finance, Travelling, Media, Artificial Intelligence, and more)
  • Relocation opportunities may be available for eligible candidates, depending on the role and openings at other EPAM locations
  • Participate in volunteer, charity programs and communities (both technical and interest-based)

We focus on your professional growth:

  • You can plan your individual career path together with your manager
  • Receive regular feedback from colleagues
  • Improve your English for free with certified teachers (Speaking Clubs, client interview preparation courses, etc.)
  • Get the opportunity to undergo free training and certification in AWS, GCP, or Azure Clouds
  • Use the internal E-learn training program (18,200+ specialized training and mentoring programs)
  • Access corporate accounts on LinkedIn Learning, Get Abstract and other partner resources
  • Study at EPAM Solution Architecture School with the instructors who are practicing architects
  • Develop as a leader, join Delivery Management, Resource Management, Leadership Essentials school and more
  • Participate in internal communities (500+ meetups, technical discussions, brainstorming sessions, online events and conferences annually)

What we offer:

  • Vacation and sick leave (including a sick leave without a medical certificate)
  • A wide range of Voluntary Medical Insurance programs providing both medical treatment and various preventive options (including sports activities)
  • Medical insurance for family members at corporate rates
  • Company support during significant life events (childbirth or adoption, marriage, etc.)
  • Support for psychological comfort: discounts on services from mental health specialists or coaches, thematic training
  • E-kids program - a free programming language training program for EPAMers' children

[epamgdo] Ukraine (Remote)

Kindly note that this role supports remote work, but only from within Ukraine.

[epamgdo] Ukraine (benefits may differ)

Kindly be advised that the set of benefits, including learning, certification, and other opportunities, may vary depending on the role you apply for. Our recruiter will be able to share more details about the specific opportunity during your general interview.

[epamgdo] Ukraine (About EPAM)

EPAM strives to provide its global team of over 62,350 professionals in more than 55 countries with opportunities for professional growth from day one of collaboration. Our colleagues are the source of EPAM's success, so we value cooperation, strive to always understand our clients' business and aim for the highest quality standards. No matter where you are, you will join a dedicated, diverse community that will help you realize your potential to the fullest.