We are seeking a highly skilled Azure Security Architect to design, implement, and oversee robust security frameworks within our cloud environment. The ideal candidate will act as a technical leader, ensuring that our Azure infrastructure is resilient against evolving threats while maintaining seamless connectivity and performance.
You will focus specifically on the intersection of network topology and security, bridging the gap between infrastructure deployment and zero-trust security principles.
Key Responsibilities:
* Security Architecture Design: Develop and maintain end-to-end security architectures for complex Azure environments, ensuring alignment with CIS benchmarks and Microsoft best practices.
* Network Segmentation: Design and implement granular network security strategies, focusing on subnet-level isolation and micro-segmentation using Network Security Groups (NSGs) and Application Security Groups (ASGs).
* Firewall Management: Lead the deployment and configuration of Azure Firewall (Standard and Premium) and third-party Network Virtual Appliances (NVAs) to manage north-south and east-west traffic.
* Secure Gateway Integration: Architect secure entry points using Azure Application Gateway (with WAF), Azure Front Door, and VPN/ExpressRoute Gateways for encrypted cross-premise connectivity.
* Identity & Governance: Integrate Azure Active Directory (Microsoft Entra ID) with network security controls to enforce Conditional Access and Privileged Identity Management (PIM).
* Automation (DevSecOps): Use Infrastructure as Code (ARM Templates, Bicep, or Terraform) to automate the deployment of secure subnets, rules, and gateway configurations.
Technical Requirements:
* Azure Core Infrastructure: Deep expertise in Virtual Networks (VNet), VNet Peering, and Hub-and-Spoke topologies.
* Network Security: Advanced knowledge of subnet-level security, including User Defined Routes (UDRs) to force-tunnel traffic through security appliances.
* Gateway Technologies: Hands-on experience configuring Application Gateway (Layer 7 load balancing + WAF) and VPN Gateways (S2S/P2S).
* Threat Protection: Proficiency with Azure Bastion, Azure DDoS Protection, and Microsoft Defender for Cloud.
* Monitoring & Response: Experience utilizing Azure Monitor and Sentinel to analyze network logs and respond to security incidents.
Preferred Qualifications:
* Certifications: Microsoft Certified: Azure Security Engineer Associate (AZ-500) or Microsoft Certified: Cybersecurity Architect Expert (SC-100).
* Education: Bachelor’s degree in Computer Science, Information Security, or a related field.
* Experience: 5+ years in a dedicated Security Architecture or Network Engineering role with at least 3 years focused on Microsoft Azure.
Why Join Us?
You will have the autonomy to shape our cloud security posture from the ground up, working with cutting-edge Azure services to protect critical data and infrastructure in an agile environment.