xAI· Information Security· Palo Alto, CA; Washington, D.C.
Security Engineer - Azure Government
Comp$180,000 – $440,000
Classified Tasks (15)
Automate 0%Augment 100%Human-Only 0%
Augment (15)
AI assists, human decides
Design, implement, and manage security architecture for Azure Government and Commercial deployments considering DoD IL5/IL6 and FedRAMP High controls
technical
Configure and optimize Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Defender for Endpoint, and related services for threat detection, vulnerability management, and automated response
technical
Design and enforce identity and access management using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policies, RBAC, and just-in-time access
technical
Secure network architectures using Azure Firewall, Network Security Groups (NSGs), DDoS Protection, Web Application Firewall (WAF), Network Watcher, and private endpoints
technical
Protect data at rest and in transit via Azure Key Vault, encryption strategies, data classification, and information protection controls
technical
Develop and maintain security policies, initiatives, and blueprints using Azure Policy and Microsoft Purview for compliance with NIST, FedRAMP, CMMC, STIGs, and similar frameworks
administrative
Perform threat hunting, incident response, and forensic investigations using Microsoft Sentinel playbooks, Log Analytics, and KQL queries
analytical
Conduct security reviews of Infrastructure as Code (IaC), containers, Kubernetes (AKS), and serverless workloads
technical
Collaborate with developers and architects to implement DevSecOps practices, including secure CI/CD pipelines, code scanning, and secure defaults
communication
Monitor and remediate security findings, reduce attack surface, and improve overall security posture according to the Microsoft Cloud Security Benchmark (MCSB)
operational
Deploy configurations and compliance policies to Azure AVD endpoints using Intune and other Azure native services
technical
Build, strengthen, and maintain the cloud security posture and protect critical workloads across hybrid and multi-cloud environments
operational
Develop, implement, and leverage Microsoft native security tools to detect threats and respond to incidents
technical
Achieve and maintain compliance with government regulations such as FedRAMP and CMMC
administrative
Collaborate with engineering, DevOps, and compliance teams to embed security throughout the development lifecycle
communication
Job description
ABOUT xAI xAI’s mission is to create AI systems that can accurately understand the universe and aid humanity in its pursuit of knowledge. Our team is small, highly motivated, and focused on engineering excellence. This organization is for individuals who appreciate challenging themselves and thrive on curiosity. We operate with a flat organizational structure. All employees are expected to be hands-on and to contribute directly to the company’s mission. Leadership is given to those who show initiative and consistently deliver excellence. Work ethic and strong prioritization skills are important. All employees are expected to have strong communication skills. They should be able to concisely and accurately share knowledge with their teammates. ABOUT THE ROLE: We are seeking a skilled Azure Security Engineer to design, implement, and maintain robust security controls across our Azure Gov Cloud environment (including hybrid and multi-cloud scenarios). In this hands-on role, you will build, strengthen, and maintain our cloud security posture, protect critical workloads, and collaborate with engineering, DevOps, and compliance teams to embed security throughout the development lifecycle. You will develop, implement, and leverage Microsoft’s native security tools to detect threats, respond to incidents, and ensure alignment with industry standards and regulations. Lastly, you will be required to both achieve and maintain compliance with government regulations such as FedRAMP and CMMC. RESPONSIBILITIES: Implement, design, and manage security architecture for Azure Government and Commercial deployments (with considerations for DoD IL5\IL6 and FedRAMP High controls) Configure and optimize Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Defender for Endpoint, and related services for threat detection, vulnerability management, and automated response Design and enforce identity & access management using Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policies, RBAC, and just-in-time access Secure network architectures with Azure Firewall, Network Security Groups (NSGs), DDoS Protection, Web Application Firewall (WAF), Network Watcher, and private endpoints Protect data at rest and in transit via Azure Key Vault, encryption strategies, data classification, and information protection controls Develop and maintain security policies, initiatives, and blueprints using Azure Policy and Microsoft Purview for compliance (NIST, FedRAMP, CMMC, STIGs, etc.) Perform threat hunting, incident response, and forensics using Sentinel playbooks, Log Analytics, and KQL queries Conduct security reviews of Infrastructure as Code (IaC), containers, Kubernetes (AKS), and serverless workloads Collaborate with developers and architects to implement DevSecOps practices, including secure CI/CD pipelines, code scanning, and secure defaults Monitor and remediate security findings, reduce attack surface, and improve overall security posture per the Microsoft Cloud Security Benchmark (MCSB) Deploy configurations and compliance policies to Azure AVD endpoints using Intune and other Azure native services. BASIC QUALIFICATIONS: Active U.S. security clearance (e.g., Secret, Top Secret) or eligibility to obtain one. 3+ years