Staff Security Engineer

The Staff Infrastructure & Security Engineer is the sole technical owner of all cloud infrastructure, cybersecurity, identity, endpoint operations, and DevOps platform engineering for a 240-person business management consultancy operating a large-scale Azure and Microsoft Fabric environment. This role reports to the IT Director and is accountable for the end-to-end buildout, hardening, and operational excellence of every infrastructure and security workstream on the 2026 roadmap.

This includes SIEM deployment and zero-trust identity, disaster recovery, cloud cost optimization, and the CI/CD and hosting infrastructure powering our proprietary AI platform, the Hub a multi-tenant \"Super App\" serving internal teams and external clients across multiple verticals, with a suite of AI-driven applications (Trainer, SalesIQ, Jarvis, Knowledge, Momentum, Dashboards, Blueprints, Capture) shipping at high velocity across web and mobile.

This is not a maintenance role: it is a greenfield buildout of enterprise-grade infrastructure, security posture, and developer platform across 80+ SharePoint sites, multiple Fabric Lakehouses, a growing multi-tenant client ecosystem, and a product engineering organization that needs world-class deployment and observability tooling.

This role requires an AI-native engineer

• LLM fluency is a hard requirement not a preference. The throughput expected of this role assumes active, daily use of AI tooling to achieve what typically requires a multi-person team.
• Claude AI (Anthropic) is provided and expected to be used for IaC authoring, detection rule development, runbook creation, policy generation, log analysis, and automation scripting.
• Engineers who embrace AI as a force multiplier will thrive here. Those who don't will struggle to keep pace with the scope.

Required competencies

• Deep, hands-on expertise across Azure cloud infrastructure compute, networking, storage, Entra ID, Intune, Defender, and Sentinel or equivalent SIEM with the ability to architect and implement at enterprise scale without a team.
• Hands-on experience with container orchestration (Kubernetes/AKS or Azure Container Apps), CI/CD platforms (GitHub Actions, Azure DevOps), and IaC (Terraform strongly preferred; Bicep/ARM acceptable) for both corporate and application hosting environments.
• Strong application-level observability skills Datadog, Application Insights, Grafana with the ability to instrument, monitor, and troubleshoot distributed systems serving web and mobile clients.
• AI fluency is a hard requirement: Demonstrated proficiency using LLMs and AI-assisted tooling (Claude, Copilot, or equivalent) to accelerate IaC authoring, security policy generation, detection rule development, runbook creation, and automation scripting.
• Command-level knowledge of modern security frameworks (NIST, CIS, zero-trust principles) and practical experience implementing identity governance, endpoint hardening, DLP, SIEM/SOAR, and vulnerability management programs.
• Proven ability to own and execute 46 concurrent technical workstreams independently prioritizing ruthlessly and delivering production-grade results without dedicated project management support.
• Strong understanding of Microsoft Fabric, OneLake, and SharePoint Online administration, including data governance, access controls, and integration with the broader M365 ecosystem.
• Exceptional written and verbal communication skills, with the ability to translate complex infrastructure and security decisions into clear business-risk language for non-technical executives.
• Track record of building from zero standing up programs, processes, and tooling in environments where none existed rather than inheriting and maintaining mature infrastructure.

Preferred qualifications

• Experience with SIEM/SOAR platforms (Microsoft Sentinel preferred; Splunk or equivalent acceptable) and detection engineering.
• Familiarity with Microsoft Fabric and OneLake in production data environments.
• Exposure to compliance/security frameworks (SOC 2style controls) and evidence-driven operations.
• Experience supporting multi-tenant SaaS platforms especially with data isolation, per-tenant observability, and secure deployment patterns.
• Mobile delivery experience (iOS/Android via CI/CD pipelines, app store deployments, MDM integration).
• Certifications (nice to have): AZ-104, AZ-500, SC-200 (Sentinel), Terraform Associate, CKA/CKAD, CISSP/CISM, Security+.

Additional requirements

• Onsite role at the primary office; travel to Scottsdale and other locations as needed.
• Participation in an on-call rotation
• Ability to lift and handle IT equipment (APs, switches, firewalls, laptops) for deployments and desk setups.

Commitment to diversity

As an equal opportunity employer committed to meeting the needs of a multigenerational and multicultural workforce, Cardone Ventures recognizes that a diverse staff, reflective of our community, is an integral and welcome part of a successful and ethical business. We hire local talent at all levels regardless of race, color, religion, age, national origin, gender, gender identity, sexual orientation, or disability, and actively foster inclusion in all forms both within our company and across interactions with clients, candidates, and partners.