Azure Cloud Security Architect

Job Title: MS Azure Cloud Security Architect

Location: Denver, CO

Contract to Hire Position.

Key Responsibilities:

• Architect Secure Azure Solutions: Design and develop comprehensive security architectures for web, mobile, API, and cloud-native applications hosted on Azure.
• Azure Cloud Security Leadership: Act as the primary SME for Azure security, providing expert guidance on securing IaaS, PaaS, and SaaS deployments within the Azure ecosystem. This includes deep knowledge of:
• Azure Networking Security: NSGs, ASGs, Azure Firewall, WAF (Azure Front Door/Application Gateway), Private Link, VPNs, ExpressRoute.
• Azure Identity & Access Management (IAM): Azure Active Directory (AAD), Conditional Access, PIM, MFA, Hybrid Identity.
• Azure Data Protection: Azure Key Vault, Azure Storage encryption, Azure SQL Database security, Azure Disk Encryption.
• Azure Security Services: Azure Security Center (Defender for Cloud), Azure Sentinel, Azure Policy, Azure Monitor, Azure DDoS Protection.
• Application Security Expertise: Conduct threat modeling, security reviews, and vulnerability assessments (SAST/DAST) for applications leveraging Azure services to identify and mitigate risks.
• Secure SDLC Integration: Drive the adoption of secure coding practices and integrate security automation tools (e.g., Static/Dynamic Application Security Testing) within Azure DevOps CI/CD pipelines.
• Security Standards & Policies: Develop and enforce security policies, standards, and architectural guidelines specifically for Azure deployments, ensuring alignment with industry best practices (e.g., OWASP Top 10, Microsoft Security Best Practices, CIS Benchmarks for Azure).
• Incident Response & Remediation: Collaborate with incident response teams, providing architectural insights for investigation and effective remediation of security incidents related to Azure infrastructure and applications.
• Consultation & Training: Advise development, operations, and other IT teams on Azure security best practices, emerging threats, and secure design patterns.
• Technology Evaluation: Research, evaluate, and recommend new Azure security services and third-party tools to enhance our security posture.

Required Skills & Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 10+ years of experience in information security, with a strong focus on security architecture.
• Proficiency with Azure security services (e.g., Azure Security Center/Defender for Cloud, Azure Sentinel, Azure Policy, AAD, Key Vault, Network Security Groups, Azure Firewall, WAF).
• Strong understanding of secure software development lifecycle (SSDLC) principles and practices within an Azure DevOps context.
• Experience with Infrastructure as Code (IaC) tools (e.g., Azure Resource Manager templates, Terraform) and their security implications.
• Familiarity with common security frameworks and compliance standards (NIST, ISO 27001, SOC 2, GDPR, HIPAA, PCI DSS) as they apply to Azure environments.
• Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
• Strong analytical and problem-solving abilities