Overview
On Site
Compensation information provided in the description
Contract - W2
Skills
IT Consulting
Information Security
Security Analysis
Regulatory Compliance
Cloud Architecture
Hardening
Sensors
Real-time
Incident Management
Cloud Security
Continuous Monitoring
Dashboard
Knowledge Transfer
Documentation
Identity Management
PIM
JIT
Workflow
Virtual Machines
Remote Desktop
Remote Access
SIEM
Microsoft
Network Security
Virtual Private Network
Network
RBAC
Vulnerability Management
Vulnerability Scanning
Patch Management
Reporting
Scripting
Backup Administration
Recovery
Backup
Replication
Disaster Recovery
Storage
Analytical Skill
SQL Azure
Encryption
TDE
Auditing
Firewall
SQL
PaaS
Database
Access Control
Microsoft Azure
DevOps
GitHub
Continuous Integration
Continuous Delivery
Management
Cloud Computing
Law
Job Details
- JOB-7335
- Microsoft Azure Security Assessment Consultant
- Denver, CO
- Contract
- Link Technologies (LinkTechConsulting.com), a Las Vegas-based IT consulting firm, is currently seeking a Microsoft Azure Security Assessment Consultant to join our team in Denver, CO.
JOB SUMMARY
This role will work with the business technologies information security team to conduct a comprehensive security assessment of our Microsoft Azure environment, identify security gaps, and provide actionable recommendations to enhance overall security posture, governance, and compliance.
REQUIREMENTS- Five (5) years of hands-on Azure experience, whether in administration, engineering, architecture, or security is strongly preferred.
RESPONSIBILITIES- Evaluate Architecture:
- Review the Azure cloud architecture to identify potential security design flaws.
- Assess alignment with Microsoft's Cloud Adoption Framework, NIST CSF, and Zero Trust principles.
- Recommend Azure Security Policies:
- Recommend security baselines and Azure Policy definitions for security hardening.
- Identify and suggest policy initiatives (built-in and custom).
- Design CrowdStrike Cloud Sensors and Connectors:
- Assist with architecture and deployment planning for CrowdStrike sensors or connectors to enable real-time visibility and protection of cloud workloads, containers, and other Azure systems.
- Validate the Azure and Defender Ecosystem:
- Ensure CrowdStrike integrates effectively with Azure native tools such as Microsoft Defender for Cloud and Sentinel for event correlation, alerting, and incident response.
- Policy and Configuration Review:
- Review and recommend CrowdStrike policies to align with cloud security best practices (e.g., runtime protection, vulnerability detection, identity protection).
- Enable Continuous Monitoring and Alerts:
- Recommend dashboards, alert thresholds, and define escalation paths for cloud-specific threat detections within the CrowdStrike console.
- Knowledge Transfer and Documentation:
- Provide documentation and a walkthrough on how to monitor, maintain, and respond to alerts generated by CrowdStrike within the Azure environment.
- Review Firewall Rules and NSGs
- Analyze Firewall and Network Security Group (NSG) configurations.
- Identify overly permissive rules or potential misconfigurations.
- Recommend remediation and segmentation improvements.
- Role-Based Access Control (RBAC)
- Evaluate existing RBAC assignments for "least privilege" adherence.
- Identify use of overly broad role assignments.
- Recommend custom roles where applicable.
- Privileged Identity Management (PIM)
- Review implementation of Azure AD PIM.
- Validate configuration of just-in-time (JIT) access and approval workflows.
- Ensure administrative access is limited and monitored.
- Review Remote Access Methods:
- Assess all methods used to access Azure and connected resources remotely (e.g., VPN, Bastion, Just-in-Time VM access, remote desktop protocols, Azure Arc).
- Confirm that remote access events are being logged, retained, and monitored within Sentinel or other SIEM tools.
- Validate alerting for unusual access behavior.
- Microsoft Defender for Cloud
- Review Defender for Cloud configuration and coverage.
- Validate security recommendations and assess secure score posture.
- Ensure threat protection capabilities are appropriately enabled.
- Network Security
- Analyze Virtual Network (VNet) configurations and peering.
- Review ExpressRoute, VPN Gateways, and perimeter controls.
- Assess segmentation and network-level threat protection.
- Key Vault and Secrets Management
- Assess Azure Key Vault access policies, RBAC integration, and use of managed identities.
- Review expiration, rotation policies, and audit logging.
- Vulnerability Management
- Evaluate available vulnerability scanning tools and make recommendations on the future state.
- Review patch management practices and reporting.
- Resource Configuration Drift
- Analyze tools or scripts in place to detect drift from desired configurations.
- Recommend remediation and alerting mechanisms.
- Backups and Site Recovery
- Review backup policies and configurations.
- Evaluate replication and disaster recovery strategies for critical workloads.
- Log Collection and Alerting
- Review diagnostic log collection configurations.
- Validate log retention policies and storage accounts.
- Review alert rules and action groups for completeness and relevance.
- Azure Sentinel Integration
- Assess Azure Sentinel deployment and data connector coverage.
- Review workbook, analytic rule, and incident configurations.
- Validate SOAR (automation) playbooks and alert tuning.
- SQL and Azure Database Security
- Verify that transparent data encryption (TDE), threat detection, auditing, and firewall settings are properly configured for all SQL and PaaS database resources.
- Evaluate access control and use of Private Endpoints.
- CI/CD Pipeline Security
- Review Azure DevOps or GitHub-based CI/CD pipelines.
- Assess identity use, secrets management, and security scanning in pipelines.
- Recommend improvements for code-to-cloud traceability and shift-left security.
Link Technologies is an equal opportunity employer. All qualified applicants will receive consideration for employment without discrimination based on race, color, religion, sex, gender identity/expression, sexual orientation, national origin, protected veteran status, disability, or any other factors protected by law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.