Overview
Provide expertise with definition, design, engineering, and validation of security configuration of technology platforms in the cloud and on-premises. Advise and influence technology and business personnel regarding safeguarding information, applications, systems, infrastructure, and activities.
Key Responsibilities
- Provide cybersecurity assurance expertise for IT initiatives with a focus on Microsoft Azure, Entra ID and hybrid cloud environments.
- Define, guide engineering, and validate implementation of technology agnostic security control standards, technology-specific configuration baselines, and implementation guidelines.
- Maintain impartiality to produce unbiased reports on information security risk.
- Conduct quality assurance reviews of security requirements and audit recommendations.
- Communicate requirements and provide guidance to staff and stakeholders on appropriate security design and technical configuration.
- Work closely with IT project teams to develop and implement security controls for new and existing cloud services.
- Identify opportunities to improve business practices or IT security-related processes.
- Prioritize, monitor, and assess compliance and audit recommendation results.
- Support Zero Trust initiatives.
- Develop and maintain scripts and templates to perform compliance checks and generate reporting.
- Support logging and monitoring efforts.
- Contribute to secure design, architecture and configuration of services.
- Design and validate security configuration baselines for SaaS platforms.
- Support information security assurance manager with audit and compliance initiatives.
- Keep abreast of international standards, best practices and regulations.
- Analyze, recommend, and implement process improvements within information security.
Required Experience
- Minimum of 10 years of relevant experience working in cloud security, assurance, or architecture roles; OR Advanced degree plus a minimum of 4 years of relevant experience working in cloud security, assurance, or architecture roles.
Technical Experience should include:
- Proven track record delivering technical security assurance and engineering solutions, with hands-on experience in operational security for regulated environments, especially in Azure and Microsoft cloud platforms.
- Multi-cloud security posture management and familiarity with tools like Wiz, Orca, Prisma Cloud, Microsoft Defender for Cloud, etc.
- Extensive technical hands-on security experience across a broad range of Microsoft cloud services, including Azure IaaS/PaaS, Entra ID, Conditional Access Policies, PIM; Azure Policy and Defender for Cloud; Intune; Graph API, Azure Monitor and Microsoft Sentinel; Microsoft 365 security (Exchange Online, Teams, SharePoint/OneDrive), and other key components of the Microsoft security ecosystem such as Purview.
- Advanced working knowledge (preferably previous hands-on experience) in: Windows/Linux administration fundamentals, Firewalls, Active Directory/Entra hybrid concepts, and Azure networking (VNets, subnets, NSGs, Private Link, Application Gateway).
- Zero Trust principles; Azure Firewall/WAF and cloud edge controls; SIEM/SOAR (Microsoft Sentinel preferred); familiarity with enterprise security tooling and NDR concepts.
- Proficiency in PowerShell scripting to automate compliance checks, configuration, and reporting across Azure and Entra ID.
- Deep expertise with Entra ID app registrations, OAuth 2.0/OIDC flows, delegated vs. application permissions, Graph API consent models, admin/user consent workflows, and permission governance.
- Experience with Power Automate, Power Apps, Power BI, Data Factory
- Demonstrates expertise in securing infrastructure, application and database components through tailored hardening approaches.
- Hands-on experience with Infrastructure as Code (IaC) security scanning (e.g., Checkov, tfsec, etc.).
- Securing Kubernetes clusters and containerized workloads (e.g., AKS, etc.).
- Experience with serverless security (e.g., Azure Functions, etc.) and related risks.
- Automation of security controls and compliance checks using scripting (Python, Bash, PowerShell).
- Pragmatic security expert with an inherent ability to balance security demands with business reality.
- Demonstrates a commitment to continuous learning.
- Strong knowledge of security solutions, emerging threats, and effective countermeasures.
Qualifications
- Education:
- Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study.
- OR
- Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study.
- Certifications:
- (Minimum plus at least 2 preferred)
- CISSP or CISM (minimum required)
- Microsoft Certified: Azure Security Engineer Associate (minimum required)
- CCSP (preferred)
- Microsoft Certified: Cybersecurity Architect Expert (preferred)
- Microsoft Certified: Azure Solutions Architect Expert (preferred)
- Microsoft Certified: Azure Administrator Associate (preferred)
- Microsoft Certified: Azure DevOps Engineer Expert (preferred)
- Other Microsoft cloud security related certifications at the Expert level (preferred)
- GIAC cloud security related certifications (preferred)