Logo for CMG Financial

Senior DevOps Engineer

Role overview

Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience.
  • 3+ years in cloud security or cloud engineering, including hands-on Microsoft Azure security.
  • Core Cloud Security Skills (Azure) including Microsoft Defender for Cloud and Azure Policy.
  • Preferred Certifications AZ-500, SC-100, or a relevant GIAC credential.

Responsibilities

  • Operate and tune Microsoft Defender for Cloud across Azure subscriptions.
  • Enforce preventative guardrails with Azure Policy and benchmark configuration.
  • Apply least-privilege access in Microsoft Entra ID using Azure RBAC.
  • Engineer Microsoft Sentinel data ingestion and build detections.

About the company

CMG Financial logo

CMG Financial

Financial Services

Nationwide mortgage lender with Correspondent, Wholesale, and Retail origination channels. NMLS# 1820 Throughout the mortgage industry, CMG Financial is known for its innovation of product and continued investment in technology. From HomeFundIt, the down payment gifting platform to the All In One Loan, the smarter way to borrow, CMG develops mortgage solutions that serve the needs of every borrower.CMG Financial holds federal agency lending approvals with HUD, VA, RHS, GNMA, FNMA and FHLMC and makes its products and services available through three distinct origination channels: Retail, Correspondent, and Wholesale Lending. Team CMG specializes in all new purchase and refinance mortgage needs and act as financial counselors to help borrowers make informed decisions. Find out what β€œEvery Customer, Every Time. No Exceptions, No Excuses.” means to us!

Company details

Company typeSME
IndustryFinancial Services
Company size501 - 1000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Description

CMG Financial is hiring a Security Engineer for our cloud environment to help secure our Azure-primary cloud and the hybrid environment that supports one of the nation's largest privately held mortgage lenders. Working within the Information Security team, you will harden cloud posture, tighten identity and access, and build the detection and automation that keep our environment defensible. This role is built for growth: you will own meaningful cloud security work from the start and expand your scope and depth over time. It operates in a highly regulated lending environment, subject to regulatory examinations and investor and agency audits.

 

 

 

 

ESSENTIAL DUTIES and RESPONSIBILITIES, includes the following responsibilities, but not limited to:

 

 

  • Operate and tune Microsoft Defender for Cloud (CSPM/CNAPP) across Azure subscriptions, remediating misconfigurations and excessive access.
  • Enforce preventative guardrails with Azure Policy and benchmark configuration against CIS Benchmarks and the NIST Cybersecurity Framework.
  • Apply least-privilege access in Microsoft Entra ID using Azure RBAC, PIM, and Conditional Access, and run periodic access reviews and attestations.
  • Use Microsoft Purview and Defender for Cloud data-aware posture (DSPM) to classify and protect sensitive cloud data.
  • Embed security into Terraform and GitHub Actions pipelines, including IaC scanning, policy-as-code, and secrets management.
  • Support threat modeling and secure design reviews for new and changing cloud workloads.
  • Engineer Microsoft Sentinel data ingestion (data connectors, Data Collection Rules and Endpoints) and build detections.
  • Integrate Microsoft Defender for Cloud and Defender XDR signals into Sentinel for unified detection and response.
  • Support cloud threat hunting, incident response, and automation of enrichment and remediation.
  • Map cloud controls to recognized frameworks and produce control evidence for regulatory examinations and investor and agency audits.

 

 

 

REQUIRED QUALIFICATIONS:

 

Education and Experience

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field, or equivalent practical experience.
  • 3+ years in cloud security or cloud engineering, including hands-on Microsoft Azure security.

Core Cloud Security Skills (Azure)

  • Microsoft Defender for Cloud, Azure Policy, and Microsoft Entra ID (Azure RBAC, PIM, Conditional Access).
  • Cloud security posture management (CSPM/CNAPP), with the ability to find and remediate misconfigurations and excessive access.

DevSecOps and Automation

  • Infrastructure-as-Code with Terraform and CI/CD security in GitHub Actions.
  • Scripting and automation with Python, PowerShell, and KQL. Using GenAI to generate and validate scripts is welcomed and approved.

Detection and Monitoring

  • Microsoft Sentinel, including Log Analytics ingestion (data connectors, DCR/DCE).
  • Security architecture, design review, and threat modeling, with working knowledge of NIST CSF and CIS Benchmarks.

Preferred Certifications

  • AZ-500, SC-100, or a relevant GIAC credential (GCSA, GCDA, or GCFR).

Nice to Have

  • Hands-on AWS security (the role is Azure-primary; AWS is a plus).
  • GitHub Advanced Security (GHAS); container and Kubernetes (AKS) security.
  • Secrets and key management (Azure Key Vault).
  • Experience in financial services, mortgage, or other highly regulated industries, including producing audit and examination evidence.

 

 

 

SUPERVISORY RESPONSIBILITIES:

Direct Reports: N/A

 

 

PHYSICAL and ENVIRONMENTAL CONDITIONS

This role operates in an ADA compliant office environment, utilizing typical office equipment and tasks including computer work. The position may involve partial stationary positions and moving throughout the day. Flexibility to work overtime to meet project deadlines is required.

 

 

Base Compensation Information – This role is a remote position that is currently allocated for candidates within geographic regions that do not currently require base wage disclosure. The compensation range for this position will be provided upon request.β€―(Due to their geographic location, residents of the states of CA & CO, and for NY are excluded from this role at this time.) 

CMG Financial is an equal opportunity employer and does not unlawfully discriminate in employment decisions. CMG will consider all qualified applicants without regard to race, religion, national origin, sex, age, veteran status, disability, familial status, marital status, actual or perceived sexual orientation, or actual or perceived gender identity. Applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of CMG Financial or reach out to [email protected].

CMG MORTGAGE, INC. NMLS #1820 If you are a recruiter or placement agency, please do not submit resumes to any person or email address at CMG Financial prior to having a signed agreement . CMG Financial is not liable for and will not pay placement fees for candidates submitted by any agency other than its approved recruitment partners. Furthermore, any resumes sent to us without an agreement in place will be considered your company’s gift to CMG Financial and may be forwarded to our recruiters for their attention.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
Β·

DevOps Engineer Related jobs

Other jobs at CMG Financial

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.