We are seeking a Lead Azure AI Security Engineer to provide technical leadership and subject matter expertise in securing Azure and Microsoft cloud environments at enterprise scale. In this role, you will design and improve security architecture while leveraging AI-powered tools to automate and enhance daily security engineering activities across hybrid and multi-cloud environments.
Feel free to work remotely from anywhere across Latvia or connect with colleagues at our Riga office.
Responsibilities
- Provide technical leadership and subject matter expertise in securing Azure and Microsoft cloud environments at enterprise scale
- Design, implement and improve security architecture across Azure, Microsoft 365, Microsoft Entra ID, hybrid and multi-cloud environments, with Azure as the primary cloud platform
- Work across key cloud security domains including CSPM/CNAPP, Identity and Access Management, Privileged Access Management, Data Protection and Data Loss Prevention, Microsoft Defender security stack, SIEM/SOAR, Business Continuity and Disaster Recovery, DevSecOps, container and Kubernetes security and policy-as-code
- Plan, design and implement security controls for cloud workloads, applications, infrastructure and data
- Collaboration with engineering, infrastructure, development, DevOps, database, operations and compliance teams to embed security into the full delivery lifecycle
- Support implementation and continuous improvement of Zero Trust architecture, secure authentication, conditional access, least privilege and identity protection
- Develop and maintain automation scripts, workflows and security tooling using PowerShell, Python, Azure CLI, Logic Apps, Azure Functions, KQL and REST APIs
- Use AI-powered tools and agentic workflows to automate and improve security activities such as findings triage, log analysis, incident investigation support, configuration review, compliance evidence collection and vulnerability analysis
- Design or integrate AI agents and AI-assisted automations using modern AI platforms and frameworks while ensuring proper security, privacy and governance controls
- Contribute to secure adoption of AI technologies by defining guardrails for data protection, access control, prompt security, model usage, auditability and human-in-the-loop processes
- Train and support other team members on cloud security practices, security processes and AI-assisted automation approaches
Requirements
- 3+ years of experience in software development
- Bachelor's degree in Computer Science, Information Security, Engineering or equivalent practical experience
- Hands-on experience with Microsoft Azure services
- Strong understanding of cloud security concepts, Azure architecture and enterprise-scale cloud environments
- Practical experience with Microsoft Entra ID/Azure Active Directory, Microsoft Defender for Cloud and Microsoft Defender XDR
- Skills in Microsoft Sentinel, Microsoft Purview and Microsoft Intune
- Proficiency in Conditional Access, Identity Protection and Privileged Identity Management
- Competency in Key Vault, Azure Policy and Azure Monitor/Log Analytics
- Strong engineering background including experience with Active Directory, Microsoft Entra ID, Microsoft 365, Exchange Online and hybrid identity
- Security engineering experience in at least one business or technology domain along with participation in at least several production projects
- Understanding of software development lifecycle, DevOps/DevSecOps practices, cloud security assessment methodologies and secure-by-design principles
- Ability to work closely with developers, business analysts, QA engineers, architects, project managers, infrastructure and operations teams and to follow, maintain and improve defined security processes
- Practical understanding of AI-assisted productivity and automation including building or configuring AI agents, integrating LLMs with tools, APIs and workflows, prompt engineering and using AI tools securely with awareness of sensitive data handling
- Good communication skills and ability to explain security risks, technical decisions and remediation plans to both technical and non-technical stakeholders
Nice to have
- Skills in scripting and automation using PowerShell, Python, Bash, Azure CLI, Terraform or Bicep
- Familiarity with SIEM/SOAR platforms, especially Microsoft Sentinel, KQL and Logic Apps
- Experience with CNAPP/CSPM/CWPP/CIEM tools such as Prisma Cloud, Wiz and Orca or Lacework, Check Point CloudGuard and CrowdStrike or Tenable and Rapid7
- Understanding of compliance frameworks such as ISO 27001, NIST and CIS Benchmarks or PCI DSS, HIPAA and HITRUST
- Knowledge of container and Kubernetes security including AKS, container registries and image scanning
- Familiarity with AI/LLM platforms such as Azure OpenAI, Azure AI Foundry and Microsoft Copilot Studio or Semantic Kernel, LangChain and AutoGen
- Understanding of AI security risks including data leakage, prompt injection, excessive agency and AI supply chain risks
- Experience implementing AI governance and secure AI usage policies aligned with frameworks such as NIST AI RMF, OWASP Top 10 for LLM Applications or ISO/IEC 42001
- AZ-500, SC-100, SC-200
- SC-300, SC-400, AZ-104
- AZ-305, CISSP, CISM
- CISA, CCSK, CCSP, SSCP
- AI-900, AI-102, PL-900/PL-200
We offer
- Engineering Heritage: Best-in-class experts sharing a culture of engineering excellence and tackling complex engineering challenges for over 30 years.
- Advanced Tech Stack: Innovative projects where you can apply or enhance your expertise in Cloud, Data, AI, and other emerging technologies.
- World-Class Clients: Work closely with 340+ of the Forbes Global 2000 on creating disruptive solutions that make a global impact.
- Professional Growth: Exceptional support for career development with comprehensive resources for upskilling or reskilling in pioneering practices.
- GenAI Community: Strong AI competencies with 600+ experts across 55+ locations driving GenAI-enabled transformation journeys.
- Entrepreneurial Culture: If you're passionate and dedicated to improving business transformation, we provide the support you need to bring your ideas to life.
- Hybrid Setup: The flexibility to work from any location in Latvia, whether it's your home or our office in Riga.
- Other Benefits: Additional vacation and trust days, private health insurance, Employee Stock Purchase Plan and more.
Salary range €4.2K-€6K gross, based on your experience and interview results.
EPAM is a leading global provider of digital platform engineering and development services. For over 30 years, our team has helped leading brands navigate the waves of digital transformation, building solutions that help them stay competitive through constant market disruption.With offices in 55+ countries, EPAM has grown in Latvia to over 150+ talented innovators in 4 years. We foster creativity and unconventional ways of doing things, welcoming like-minded professionals to join us.
Key Skills
Ranked by relevance
Related Jobs
3 roles aligned with this opportunity
Lead Azure AI Security Engineer
2026-07-01
Lead AI-Augmented IAM Security Engineer
2026-07-01
Lead AI Security Engineer
2026-07-01
- Posted
- Jul 01, 2026
- Type
- Full-time
- Level
- Mid-Senior
- Location
- Latvia
- Company
- EPAM Systems
Industries
Categories
Related Jobs
3 roles aligned with this opportunity
Lead Azure AI Security Engineer
2026-07-01
Lead AI-Augmented IAM Security Engineer
2026-07-01
Lead AI Security Engineer
2026-07-01