Job Title / Role : Senior Azure Security Engineer / Architect
Total Experience : 12+ Years
A seasoned cloud security expert with in-depth knowledge on comprehensive security design, implementation and management across all cloud resources and services.
Key Responsibilities -
Design and implement extensive Cloud Security related activities that include, but are not limited to :
End to End cloud security design and implementation for a 100% cloud (Azure) environment in a highly sensitive financial data processing environment
Architecture and design of security controls, product best fit analysis to ensure an end to end security covering different approaches for layered security, zoning, Integration aspects, API, Endpoint security, Data Security, Compliance and regulations, Threat intelligence, Threat exposure & Incident management aspects for the cloud deployments
In-depth experience on Infrastructure Security design and deployments using a combination of 3rd-party and cloud-native security services (Azure AD, Azure Security Center, Azure VNets, VNet-peering, NSG, Azure DDoS, Load Balancers, WAF, Storage security, Azure API management) is a must.
Experience around Application risk profiling, Application security assessment for cloud native development and deployments
Hands-on experience in the technical deployment, configuration, integration, support, and administration of security technologies (e.g. Firewalls, IPS, DDoS, SIEM, WAF, Endpoint etc.) for Azure cloud environment.
Experience around creating and audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements
Define and enforce policies and guardrails for extensive security controls across environments, educating a broad user base for effective distributed security responsibilities and best practices.
Well-versed with agile application development principles leveraging modern DevOps principles, embedding strong security throughout the CI / CD process (Azure DevOps).
Strong knowledge of security controls automation for effective DevSecOps implementation, monitoring, reporting, and operational support.
Must be well-versed with selection and deployments of best of breed security technologies from cloud-native and Azure Marketplace offerings.
Azure security monitoring, configuring, managing with a combination of security tools and policies
Configure rules for real-time alerting in SIEM tool for events
Lead continuous compliance process for SOC-II and other obligatory customer security requirements and reporting
Perform ongoing security enhancements, testing, and validation to ensure robust and functional security across all environments.
Lead security events identification, qualification, incident response, and investigation process
Evaluate and approve requests for identity and access controls, addition or removal of permissions / roles for accounts for users, groups, resources, and applications
Conduct security reviews periodically
Review and analyze audit records weekly for identified unusual activity and provide evidence of review and / or findings
Sensitivity : Internal & Restricted
Participate in functional incident response testing annually
Assist in the remediation of all vulnerabilities and security assessment findings
Technical Qualification / Knowledge :
Hands-on knowledge of Azure security technologies and associated components and variations
Azure Security Center, Azure Monitor, Log Analytics, Sentinel, QRadar
Azure Networking : VNET, Network Security Group (NSG), VNet peering, Azure Firewall
Azure Storage Security : storage accounts, managed disks, blobs, encryption at rest and in-transit, Azure KeyVault
Azure Active Directory, RBAC, MFA, SAML, Conditional Access
Azure Load Balancers, WAF, Application Gateway, Availability Sets / Scale Sets
Knowledgeable about Windows Operating System, Server hardening, Group Policies, event, and log management
Experience with multiple security tools and technologies including Next-Gen Firewalls (Palo Alto), McAfee ePO, DLP, CrowdStrike, ZScaler, Vulnerability Assessment (Tenable.io)
Ability to lead troubleshooting of cloud security issues, detect and confirm anomalies, identify risks, perform root cause analysis
Additional Qualifications and Experience :
Solid understanding and experience in cloud computing based services architecture, technical design and implementations including IaaS, PaaS, and SaaS.
Design of client's Cloud environments with a focus mainly on Azure and demonstrate Technical Cloud Architectural knowledge.
Delivery of customer cloud strategies, aligned with customer's business objectives, with a focus on cloud-native development, with built-in resiliency, security and DR strategies
Nurture cloud security expertise within technical and leadership teams to drive secure Cloud Adoption and expansion.
Ensure all cloud solutions follow security and compliance controls, including data sovereignty.
Deliver cloud platform architecture documents detailing the vision for how Azure infrastructure and platform services support the overall security architecture, interaction with the application, database, and testing teams for providing a holistic view to the customer.
Collaborate with application architects and DevOps to modernize infrastructure as a service (IaaS) applications to Platform as a Service (PaaS)
Create solutions that support a DevSecOps approach for delivery and operations of services
Automation skills to introduce and embed Security-as-Code principles leveraging Azure native and other scripting tools for rapid and secured cloud deployments
Communicate new ideas or suggestions for analysis / process improvement.
Continuously mentor and groom junior cloud security engineers and associates for consistent security design and implementations across workloads.
Microsoft Azure Security-related certifications are strongly recommended
Information Security and Architecture related certifications are strongly recommended
Strong understanding of security incident response processes
Experience with Financial industry regulation and compliance preferred
Punctual and capable of managing assigned deadlines
Detail-oriented and presents ideas clearly and concisely
Ability to troubleshoot cloud issues, perform root cause analysis
Create, maintain, improve SOPs, runbooks, and other related security documentation
Provide L3 support for critical incident response and escalations