Senior Azure Cloud Security Architect

Responsibilities
• Work in collaboration with Devops and Cloud Engineers toward a DevSecOps practice that conforms to Security- and Privacy by Design principles
• Guide business operations teams including Finance, HR, Marketing and Customer Sales around security and compliance requirements
• Manage security product assessments and budgeting
• Manage 3rd Party vendor and product vetting assessments
• Manage regular internal audits and external pen testing projects
• Represent security and compliance matters in client request for proposals
• Manage Azure Policy and Blueprints to detect, alert and remediate controls that are non-compliant to required regulatory standards
• Expert use of runbooks, flows, playbooks and/or logic apps to automatically remediate resources and controls that do not meet security or compliance baselines
• Manage application and infrastructure vulnerabilities with best-of-breed vendor solutions and present the executive summary dashboards with PowerBI
• Clear Security documentation and diagrams should be standard protocol
• Build automation and orchestration of Security infrastructure
• Lead security and quality code scanning and remediation at the code promotion gates
• Continually improve Azure Sentinel SOC/SIEM service with accurate rules and playbooks
• Work with SRE Team to ensure accurate security event detection and response workflows
• Lead security and privacy training campaigns
• Administer SAST, SCA, and DAST platforms with a focus on providing fast feedback to developers
• Administer a Security Bot with context of Evil User Stories, Security User Stories, and Privacy User Stories that efficiently inform and equip Developers with Threat Modelling at the Sprint planning stage
• Identify points of weakness and technical vulnerabilities, and devise solutions to these problems
• Perform internal Pen Tests and Web Application Testing
• Own Governance, Risk and Compliance - Translating the regulatory requirements and security framework requirements into business speak and direction, and then into technical requirements with implementation best-practice guidance.

What You’ll Have
• You only adhere to repeatable and declarative deployment and configuration as part of Infrastructure as Code
• Passion for security, automation, performance, and reliability
• 10+ years of experience in Information Security
• 3+ years proven Microsoft Azure Cloud security experience
• 3+ years of experience with Microsoft Cybersecurity tools, including Azure Sentinel, Defender ATP, Cloud App Security, Data Classification, Data Loss Protection, Information Protection, M365 Compliance and M365 Protection
• JSON, Kusto Query Language (KQL) and Powershell experience
• Experience With Microsoft automation services like Logic Apps, Power Automate, Flow and Runbooks
• Terraform Cloud with Azure Provider experience to deploy Infrastructure and Governance as Code
• Experience with Docker and Kubernetes
• Proven experience with Azure Devops CI/CD
• Strong experience with Azure Kubernetes Container Security and API Security
• Experience conducting penetration tests, running web application testing tools, performing manual testing and source code review using tools, validating test results, identifying root cause, analyzing vulnerabilities, and helping develop platform specific remediation plans
• Experience in security testing with knowledge of security fundamentals and exploitation techniques

Qualifications
• Azure Certified Administrator Associate (AZ104)
• Azure Security Technologies (AZ500)
• CISSP (Certified Information Systems Security Professional)

Other relevant Certifications
• Certified Kubernetes Administrator (CKA)
• AWS Security Certifications
• Offensive Security Certifications

Extra Credit If You’ve Got It
• Proficiency in cryptographic protocols and cipher suites
• IAM custom JSON roles and role based access control best practice experience
• Technical experience in administering a Cloud PKI infrastructure with CA and Certificate issuance
• Experience with DevOps workflow tools like Jenkins and Gitlab
• Thorough understanding of cloud network technologies that include Private Links, VNET Peering and Virtual Networking
• Azure Firewall Premium and Application Gateway Experience
• CloudFlare Services experience
• 1st and 3rd Party Code Security Scanning experience with experience in approaches that reduce false-positives and escape rates
• Familiarity with penetration testing methodology and standards
• Deep understanding of Secure SDLC
• OWASP top 10 mitigation approaches – Service based environments e.g. REST
• Scripting or programming experience (Python, Go, Bash, etc.)
• Experience in implementing common industry frameworks such as: NIST CSF, ISO 27000, COBIT, NIST 800-171, NIST 800-53, CIS, and Critical Security Controls (SANS Top 20)
• IoT Security experience
• BS in Computer Science or equivalent degree