Inspira Financial Logo

Inspira Financial

Sr. Cloud Security Engineer (Remote)

Posted An Hour Ago
In-Office or Remote
Hiring Remotely in Chicago, IL
125K-155K Annually
Senior level
In-Office or Remote
Hiring Remotely in Chicago, IL
125K-155K Annually
Senior level
Senior Cloud Security Engineer responsible for hands-on remediation of cloud and infrastructure vulnerabilities, operating vulnerability and CSPM tooling, enforcing secure configurations across Azure environments, embedding security in CI/CD and IaC, supporting compliance/audits and reporting, mentoring engineers, and partnering with cross-functional teams to maintain cloud security posture and policy.
The summary above was generated by AI
Join Us!
Take the next step in your journey at Inspira Financial. Guided by our mission to enable better health and greater wealth, we help businesses and individuals thrive today, tomorrow, and into retirement by strengthening and simplifying the health and wealth journey.
Our values shape how we show up every day. We Lead with Heart by acting with compassion, empathy, and doing what's right; Cultivate Trust through integrity, transparency, and accountability; Aim Higher by never settling for what's expected and continually raising the standard; and Win Together by collaborating inclusively to achieve the best outcomes.
Join us on our journey as we work together to take on the complex and the everyday--turning collective effort into life-changing impact that enriches lives and helps build a better future. Learn more at inspirafinancial.com.
We believe in finding the best talent! While some roles are based at one of our office locations, remote roles can sit in any of the following states: AL, AZ, FL, GA, IA, IL, IN, MI, MN, MO, NC, NE, PA, SC, TN, TX, UT, VA and WV. Remote status and role locations are subject to change. Relocation is not provided.
Employees within a 90-minute radius of our Oak Brook, IL headquarters are required to adhere to the company in-office work guidelines of 4 days per month minimum from 10 am to 2 pm (1 of the 4 days must be a Monday or Friday). This requirement does not apply to support specialist positions.
Don't meet every single requirement? That's okay. At Inspira Financial, we know growth comes from people who are willing to learn, challenge themselves, and aim higher. We value individuals who lead with heart, cultivate trust, and collaborate to win together. If you're energized by meaningful work, continuous development, and being part of a team that turns collective effort into real impact, Inspira Financial could be the right next step in your journey. We look forward to receiving your application.
Inspira Financial provides health, wealth, retirement, and benefits solutions that strengthen and simplify the health and wealth journey. With more than 7 million clients, representing over $62 billion in assets, Inspira works with thousands of employers, plan sponsors, recordkeepers, TPAs, and other institutional partners -- helping the people they care about plan, save, and invest for a brighter future. Inspira relentlessly pursues better outcomes for all with our automatic rollover services, health savings accounts, emergency savings funds, custody services, and more. Learn more at inspirafinancial.com .
We have been recognized for our remarkable growth on lists such as Crain's Fast 50 and Inc. 5000, and for our outstanding workplace culture and benefits with Built In's 2025 Best Places to Work and Gallagher's 2022 Best-In-Class Employer awards.
Job Summary & Responsibilities
The Sr. Cloud Security Engineer (Sr. CSE) is a hybrid cloud and security engineering role responsible for the hands-on remediation of infrastructure and cloud vulnerabilities, ensuring cloud and infrastructure resources maintain compliance with established policies and Minimum - Security Baselines (MSBs), and reporting the organization's current compliance posture. The Sr. CSE will partner with the Security team to define, author, and maintain cloud security policies - keeping pace with evolving industry trends and regulatory requirements. This role will also actively participate in audit activities, including evidence gathering, reporting, and cross-functional collaboration with Compliance, Legal, and IT teams.
Duties & Responsibilities:
Vulnerability Remediation & Security Operations
  • Perform hands-on remediation of infrastructure and cloud vulnerabilities, driving issues to closure within established SLAs and policy requirements
  • Operate and administer vulnerability management and cloud security posture management (CSPM/DSPM) tooling - managing scan coverage, remediating findings, and reporting on SLA adherence
  • Identify , prioritize, and remediate cloud misconfigurations and security posture gaps across the organization's Azure subscriptions and infrastructure
  • Implement and validate security controls across cloud-native services, IaaS, PaaS, and container-based workloads
  • Maintain and enforce secure configurations across firewalls, network security components, application delivery infrastructure, and compute platforms in partnership with the Security Team
  • When needed, assist with privileged credential hygiene, certificate lifecycle, and secrets governance across the environment
  • Support the hardening of Windows and Linux server environments through configuration management and compliance-as-code practices
  • Maintain awareness of known and emerging vulnerabilities across the full technology stack - cloud services, OS platforms, network components, and application runtimes

Compliance, Policy & Reporting
  • Monitor and report the organization's compliance posture against established security policies, baselines, and regulatory frameworks
  • Partner with the Security team to define, author, and maintain cloud and infrastructure security policies - keeping pace with evolving industry trends and regulatory requirements
  • Review and update existing policies on a regular cadence to reflect changes in the cloud environment and threat landscape
  • Produce accurate , timely compliance posture reports for leadership - covering baseline adherence, vulnerability SLA performance, and remediation progress
  • Coordinate and assist in evidence collection and audit maintenance for internal and external organizational assessments, including regulatory audits and third-party risk reviews
  • Respond to findings from audits, security questionnaires, and internal/external scanning or penetration testing

CI/CD Pipeline & Infrastructure Security
  • Partner with Software E ngineering and App Security teams to embed security into CI/CD pipelines and deployment workflows - including secret scanning, least-privilege deployment identities, and secrets management integration
  • Review and advise on Infrastructure-as-Code ( IaC ) implementations from a security perspective, ensuring patterns align with security baselines and organizational standards
  • Support secure configuration management across server and cloud environments
  • Ensure PKI and certificate management practices are maintained across the environment - including TLS/SSL lifecycle, renewal processes, and certificate inventory

Technical Leadership & Mentorship
  • Serve as an informal technical leader and security subject matter expert across Cloud Engineering, Platform Engineering, and adjacent teams
  • Mentor engineers on security best practices, secure design patterns, and compliance requirements - elevating security competency across the department without direct people management responsibilities
  • Contribute to architecture and design reviews, providing a security lens on cloud platform decisions in partnership with the Cloud Architect

Cross-Team Collaboration
  • Cloud Engineering & Platform Engineering - consult on secure architecture, container platform hardening, network segmentation, and pipeline security practices
  • Identity & Access Management (IAM) - partner on identity governance, privileged access management, and access control policy enforcement
  • Incident Response / Vulnerability Management - collaborate with the Security Detection & Response team on vulnerability prioritization, SLA tracking, remediation coordination, and incident response activities
  • Audits & Assessments - provide technical support for evidence gathering, compliance posture reporting, and audit response
  • Application Development Teams - consult on security requirements for cloud-native application platforms, ensuring developer environments are built securely from the ground up

Additional Requirements:
As part of the evaluation process, candidates who progress beyond the initial screening will be required to complete a formal technical assessment to validate coding proficiency and technical competency.
Preferred Qualifications
Education & Experience
  • 10+ years of experience in cloud engineering, infrastructure, or security engineering - with demonstrated hands-on security work, not just advisory
  • Bachelor's Degree in Computer Science , Software/Computing Engineering, Information Security, or related field - or equivalent experience
  • Technical certifications preferred: AZ-500, SC-100, SC-200, AZ-104, or equivalent cloud/security certifications
  • Experience working in regulated industries (Financial Services, Insurance, or Health-Tech preferred)
  • Familiarity with compliance frameworks: NIST, HIPAA, PCI and Minimum Security Baselines (MSBs)

Skills & Abilities
Hands-on experience or significant exposure to the following services and concepts:
Cloud Platform - Azure
  • Networking & Security: Virtual Networks (VNETs) and peering, NSGs, UDRs, Private Endpoints, Azure Firewall, Application Gateways (including WAF - OWASP ruleset configuration, Detection vs. Prevention mode), ExpressRoute, VPN Gateways, and Azure Bastion
  • Compute & Containers: Virtual Machines, VM Scale Sets, AKS (Kubernetes), and Container App Environments - including cluster hardening, network policy enforcement, workload identity, and Azure Policy for Kubernetes
  • Identity & Access: Active Directory (on-prem, hybrid Entra Connect sync), Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policy design and enforcement, Azure RBAC (including custom role design), and Entra ID Protection
  • Security & Compliance Tooling: Microsoft Sentinel, Microsoft Defender for Cloud (Defender for Containers, Defender for Servers, Defender CSPM), and Azure Policy
  • Monitoring & Observability: Azure Monitor - KQL, alert rule configuration, log-based queries, and action group integrations; familiarity with Log Analytics Workspace architecture and log ingestion patterns at scale
  • Secrets & Certificates: Azure Key Vault and Key Vault CSI Secrets Store driver for AKS
  • Storage & Recovery: Storage Accounts, Backup Vault, and Azure Site Recovery
  • Virtual Desktop: Azure Virtual Desktop (AVD)

Security Tooling
  • Rapid7 - vulnerability management and scanning ( InsightVM or InsightIDR ); scan configuration, reporting, and SLA tracking
  • Wiz and/or Orca Security - CSPM/DSPM platform experience; cloud misconfiguration identification, prioritization, and remediation workflows
  • Microsoft Sentinel - SIEM administration, analytics rule management, and data connector configuration; familiarity with security log feeds from edge and email security platforms preferred
  • Microsoft Defender for Cloud - Defender plans (Servers, Containers, CSPM), agentless scanning, and security recommendation management
  • Datadog - log management, infrastructure monitoring, and security-adjacent alerting
  • Identity, Access & Privileged Access Management
  • Delinea Secret Server (Thycotic) - PAM administration, privileged credential vault management, and access policy configuration
  • Active Directory + Entra ID - hybrid identity, Entra Connect sync, group policy (GPO), DNS, and DHCP administration
  • Conditional Access, PIM, and RBAC - policy design, enforcement, and least-privilege access models at enterprise scale
  • Microsoft Intune - device compliance enforcement as part of a Zero Trust security posture
  • Certificate Management - PKI, TLS/SSL lifecycle management, certificate inventory, and renewal processes

Network & Perimeter Security
  • Cloudflare (Enterprise) - CDN, WAF, DDoS protection, and DNS proxy configuration and management
  • Network routing and VPN - hub-and-spoke topology, route tables, ExpressRoute, and VPN Gateway
  • Cisco ASAv - virtual firewall configuration and management
  • DNS, DHCP, and Group Policy - enterprise-scale administration in hybrid environments
  • DevOps, IaC & Pipeline Security
  • Azure DevOps (ADO) - CI/CD pipeline security, build agent management, and secure pipeline design
  • GitHub / GitLab - source control security, branch protection, secret scanning, and pipeline hardening
  • Infrastructure-as-Code ( IaC ) - Terraform, ARM templates, or Bicep - with a security-first approach to cloud deployments
  • CHEF - configuration management and compliance-as-code for server fleet hardening and baseline enforcement
  • Endpoint & Server Platforms
  • Windows Server - administration, hardening, security baseline enforcement, and Group Policy management
  • Linux Server - administration, hardening, and security baseline enforcement across enterprise server fleets
  • Microsoft 365 Suite - Exchange, SharePoint, Teams, and Intune - security configuration and administration

Frameworks & Compliance
  • Familiarity with NIST, HIPAA, and organizational Minimum Security Baselines (MSBs)
  • Understanding of Zero Trust architecture principles and how they apply across identity, network, and workload security
  • Familiarity with PCI-DSS scoped environment security requirements preferred
  • Experience operating in regulated industries (Financial Services, Insurance, or Health-Tech)

Experience with or exposure to the following developer runtimes and technologies is a plus, as this role will consult on security posture within environments built on:
  • ASP.NET, .NET, Java (JBoss / Hibernate / JMS), gRPC , Redis, SQL Server

Compensation & Benefits
$125,000- $155,000 per year

Similar Jobs at Inspira Financial

Yesterday
In-Office or Remote
225K-225K Annually
Senior level
225K-225K Annually
Senior level
Fintech
Responsible for business development in national accounts and middle markets; involves relationship building, managing negotiations, and generating leads.
Top Skills: Salesforce CRM
2 Days Ago
In-Office or Remote
76K-85K Annually
Mid level
76K-85K Annually
Mid level
Fintech
The Compliance Investigator will investigate and prevent fraudulent activities, maintain documentation, and collaborate with departments on fraud risk management and prevention strategies.
Top Skills: ExcelMicrosoft OutlookMicrosoft TeamsMicrosoft Word
3 Days Ago
In-Office or Remote
92K-102K Annually
Junior
92K-102K Annually
Junior
Fintech
Build and validate predictive models, analyze large structured and unstructured datasets, generate business insights, present analytic results to stakeholders, and develop tools to advance analytics capabilities.
Top Skills: ExcelMicrosoft WordOutlookSalesforce CRM

What you need to know about the San Francisco Tech Scene

San Francisco and the surrounding Bay Area attracts more startup funding than any other region in the world. Home to Stanford University and UC Berkeley, leading VC firms and several of the world’s most valuable companies, the Bay Area is the place to go for anyone looking to make it big in the tech industry. That said, San Francisco has a lot to offer beyond technology thanks to a thriving art and music scene, excellent food and a short drive to several of the country’s most beautiful recreational areas.

Key Facts About San Francisco Tech

  • Number of Tech Workers: 365,500; 13.9% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Google, Apple, Salesforce, Meta
  • Key Industries: Artificial intelligence, cloud computing, fintech, consumer technology, software
  • Funding Landscape: $50.5 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Sequoia Capital, Andreessen Horowitz, Bessemer Venture Partners, Greylock Partners, Khosla Ventures, Kleiner Perkins
  • Research Centers and Universities: Stanford University; University of California, Berkeley; University of San Francisco; Santa Clara University; Ames Research Center; Center for AI Safety; California Institute for Regenerative Medicine

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account