Cloud Security Engineer

About the Role

• Define, maintain, assess and govern cloud security related framework, policies, processes for MSL.
• Configure, test, implement and maintain cloud security related infrastructure/tools deployed.
• Implement and maintain data classification and labeling (Purview Information Protection), govern auto-labeling policies and testing.
• Test, Implement and tune DLP to MSL/Singapore data categories to minimise false positives with stakeholder sign-off.
• Test and perform key and certificate governance and rotation operations
• Produce regulatory evidence (label adoption, DLP effectiveness, incident handling artefacts) and run user awareness for sensitive data handling.
• L2 technical and incident response for cloud related security incident / compromise, and coordinate with SOC/Sentinel.

Key Responsibilities

1. Cloud security tooling and platform control implementation

• Configure/test/maintain security tools (e.g., Purview, DLP, Defender for Cloud, Sentinel connectors, CASB features as applicable).
• Define runbooks, monitoring, alert tuning.
• Implement change management, rollback plans, and BAU maintenance.

2. Cloud security governance

• Maintain documentation (e.g. policies, procedures, etc.) on cloud security, Azure/M365/AWS.
• Run periodic control reviews and gap assessments on cloud security. Maintain traceability to regulatory and internal requirements.
• Management reporting

3. L2 engineering support and incident response

• L2 triage for cloud security incidents
• Investigate (logs, alerts, Purview/DLP events)
• Contain/remediate with SOC/Sentinel and platform teams;
• Control improvements

4. Implement data classification and labeling

• Implement sensitivity labels
• Configure auto-labeling policies
• Create test plans and UAT with business owners
• Manage label lifecycle (changes, deprecation, communications)

You are someone with:

• Bachelor's degree in Information Security, Computer Science, Engineering, Information Technology, or related field.
• Minimum of 5 years relevant experience in Microsoft Azure, AWS, cloud security, security and/or engineering.
• Microsoft certifications relevant to identity/security such as:

> SC-400 (Information Protection)

> SC-100 (Cybersecurity Architect)

> AZ-500 (Azure Security Engineer)

> CCSP or CISSP or CISM or CompTIA Security

• Relevant working experience in regulated environments (e.g. banking, FSIs) and/or audit/regulatory engagements is an advantage.
• Cloud security engineering in Azure / M365, secure configuration, monitoring and logging.
• Defender/Sentinel integrations (or equivalent SOC tooling)
• Hands-on with Microsoft Purview Information Protection, and DLP across relevant workloads.
• Scripting/automation for operations and evidence. E.g. PowerShell (strongly preferred).
• Ability to translate requirements into practical standards and enforceable baselines.
• Strong documentation discipline.
• Strong stakeholder management.
• Incident mindset on structured triage, root cause thinking, and continual control improvement.