Cloud Security Engineer

Werfen is a growing, family-owned, innovative company founded in 1966 in Barcelona, Spain. We are a worldwide leader in specialized diagnostics in the areas of Hemostasis, Acute Care Diagnostics, Transfusion, Autoimmunity, and Transplant. Through our Original Equipment Manufacturing (OEM) business line, we research, develop, and manufacture customized assays and biomaterials. We operate directly in 30 countries, and in more than 100 territories through distributors. Our Headquarters and Technology Centers are located in the US and Europe, and our workforce is more than 7,000 strong.

Our success comes from a specific focus in these rapidly evolving diagnostic areas, our commitment to customers, and our dedication to innovation and quality. We're passionate about providing healthcare professionals the most valuable and complete solutions to improve hospital efficiency and enhance patient care.

Job Summary

We are seeking a skilled and security-conscious Cloud Engineer to join our dynamic Cybersecurity team. This role is pivotal in designing, deploying, and maintaining our secure cloud infrastructure, with a primary focus on Microsoft Azure and the M365 ecosystem. You will be responsible for translating security requirements into tangible technical controls, ensuring our cloud services are resilient, compliant, and hardened against modern threats. This position directly adds value by enhancing the organization's security posture and enabling the business to leverage cloud technologies safely and efficiently. Your unique contribution will be as the subject matter expert who bridges the gap between cloud infrastructure and cybersecurity policy.

Key Accountabilities

• Design, deploy, and manage secure cloud infrastructure (IaaS, PaaS, SaaS) in Microsoft Azure, ensuring alignment with security best practices and architectural standards.
• Administer and secure the Microsoft 365 environment, including Entra ID, Exchange Online, SharePoint, and Teams, with a focus on implementing robust security configurations and policies.
• Implement, manage, and tune M365 security tools such as the Microsoft Defender suite, Purview Information Protection, and Microsoft Intune for endpoint management and data loss prevention.
• Utilize scripting languages, primarily PowerShell, to automate security tasks, compliance checks, reporting, and administrative routines within Azure and M365.
• Manage Identity and Access Management (IAM), including roles, permissions, and privileged access (PIM), enforcing the principle of least privilege across all cloud platforms.
• Configure and manage cloud networking components, such as Virtual Networks (VNETs), Network Security Groups (NSGs), and Azure Firewall to segment and protect network traffic.
• Monitor cloud environments for security threats, vulnerabilities, and misconfigurations, and collaborate with the Security Operations Center (SOC) during incident response.
• Create and maintain comprehensive documentation for cloud architecture, security configurations, and operational procedures to ensure clarity and business continuity.
• Performs other duties and responsibilities as assigned.

Networking/Key relationships

• Cybersecurity Team: Collaborate daily on security strategy, threat intelligence, incident response, and implementing security controls.
• IT Infrastructure Team: Partner on network integration, on-premises connectivity (hybrid cloud), and core infrastructure dependencies.
• Application Development Teams: Advise on secure development practices and CI/CD pipelines to ensure applications are deployed securely in the cloud.
• IT Service Desk: Act as a tier 3 escalation point for complex cloud and M365-related security issues.
• Compliance & Audit Teams: Provide evidence and support during internal and external audits to demonstrate adherence to security frameworks and regulations.
• Business Stakeholders: Engage with various departments to understand their needs and implement cloud solutions that enable their goals without compromising security.
• External Vendors (e.g., Microsoft): Manage vendor relationships for technical support, licensing, and staying abreast of new security features and product roadmaps.

Minimum Knowledge & Experience for the position:

• Education: Bachelor's Degree in Cybersecurity, Computer Science, Information Technology, or a related field, or equivalent professional experience.
• Experience: 3-5 years of hands-on experience in a cloud engineering, systems administration, or cybersecurity role with a strong focus on cloud environments. Direct experience deploying and securing solutions in Microsoft Azure and M365 is required.

Skills & Capabilities:

• Strong proficiency in Microsoft Azure services (IaaS and PaaS), including Virtual Machines, Storage, VNETs, and Azure App Services.
• In-depth knowledge of Microsoft 365 administration and security features, particularly Entra ID, Defender for Cloud Apps, Defender for Endpoint, and Intune.
• Experience with Infrastructure as Code (IaC) tools such as Terraform, Azure Bicep, or ARM Templates.
• Proficiency in scripting languages for automation, with a strong preference for PowerShell.
• Solid understanding of cloud networking concepts, including VNETs, subnets, NSGs, VPNs, and firewalls.
• Strong knowledge of core cybersecurity principles: Identity and Access Management (IAM), encryption, logging, monitoring, and threat modeling.
• Experience with both Windows Server and Linux operating systems in a cloud context.
• Excellent analytical and problem-solving skills, with the ability to troubleshoot complex technical issues.
• Strong verbal and written communication skills, capable of explaining complex concepts to both technical and non-technical audiences.
• Relevant industry certifications (e.g., Microsoft Certified: Azure Security Engineer Associate (AZ-500), Microsoft 365 Certified: Security Administrator Associate (MS-500)) are highly desirable.

Travel requirements:

Minimal travel required, approximately <5% per year.

If you are interested in constantly learning and being challenged on a daily basis we encourage you to submit your resume or CV.

Werfen is an Equal Opportunity employer and is committed to a diverse workplace. Werfen strictly prohibits unlawful discrimination, harassment or retaliation based upon an individual's race, color, religion, gender, sexual orientation, gender identity/expression, national origin/ancestry, age, mental/physical disability, medical condition, marital status, veteran status, or any other protected characteristic as defined by applicable state or federal law. If you have a disability and need an accommodation in relation to the online application process, please contact NAtalentacquisition@werfen.com for assistance.

We operate directly in over 30 countries, and in more than 100 territories through distributors. Annual revenue is approximately $2 billion and more than 7,000 employees around the world comprise our Werfen team.

www.werfen.com