The scope includes, but is not limited to:
- Contribute to the evolution of the Azure cloud security architecture vision, principles, and roadmap
- Define and maintain cloud security reference architectures and reusable security patterns
- Ensure security requirements are embedded in Azure landing zones, platform services, and workloads
- Define and enforce cloud security guardrails, standards, and baselines across Azure environments
- Provide security architecture guidance and review for cloud solution designs and platform changes
- Ensure alignment with enterprise security architecture and governance standards
- Define and maintain Azure security policies and control frameworks aligned with industry frameworks
- Support implementation of policy as code using Azure Policy and related governance tooling
- Define and oversee security exception handling and risk acceptance processes
- Design and review identity and access management architectures
- Define privileged access management models and administrative access controls
- Enforce least privilege and zero trust principles across Azure environments
- Define standards for single sign on, multi factor authentication, managed identities, and role based access control
- Define and review secure Azure network architectures including segmentation and isolation models
- Define ingress and egress control patterns and traffic inspection strategies
- Review designs for Azure Firewall, Web Application Firewall, Private Link, DNS security, and DDoS protection
- Define secure hybrid connectivity patterns and network security requirements
- Define encryption standards and key management architecture options
- Define data classification, data protection, and sensitive data handling requirements
- Define data loss prevention controls and security requirements for data storage and processing
- Review backup, recovery, and data sovereignty requirements from a security perspective
- Define secure Azure landing zone architecture patterns and platform security baselines
- Define platform hardening standards and configuration management requirements
- Ensure security logging, monitoring, and auditability requirements are embedded in platform design
- Define secure configuration standards for core Azure platform services
- Define security requirements for Infrastructure as Code and cloud automation approaches
- Review Terraform and CI/CD designs from a security and governance perspective
- Define security testing requirements including dependency scanning, container scanning, and IaC scanning
- Promote shift left security practices across platform and application teams
- Conduct cloud security architecture risk assessments and provide mitigation guidance
- Support internal and external audit and compliance activities
- Map cloud security controls to regulatory and industry frameworks
- Define compensating controls where required
- Support continuous compliance and security posture improvement initiatives
- Collaborate with cloud architecture, platform engineering, security, and operations teams to ensure consistent security implementation
- Produce architectural documentation, security design decisions, and governance artefacts.
Candidate profile:
- Strong expertise in Azure cloud architecture, with a focus on cloud security and platform design
- Proven experience designing and securing enterprise Azure environments, including landing zones, identity, networking, management, and governance components.
- Strong knowledge of cloud security architecture principles, including Zero Trust, defense in depth, least privilege, and secure by design approaches.
- Experience defining and implementing cloud security guardrails, policies, standards, and security baselines.
- Strong understanding of Microsoft Entra ID, identity governance, privileged access management, authentication, authorization, and role-based access control models.
- Experience designing secure Azure networking architectures, including segmentation, private connectivity, traffic inspection, and perimeter security controls.
- Strong knowledge of data protection, encryption, key management, secrets management, and data governance principles within Azure.
- Experience with Azure security services and capabilities, including Microsoft Defender for Cloud, Microsoft Sentinel, Azure Policy, Azure Key Vault, Azure Firewall, Web Application Firewall, and related platform security services.
- Experience performing cloud security risk assessments and supporting audit, compliance, and regulatory initiatives.
- Strong understanding of security frameworks and industry standards.
- Experience with Infrastructure as Code concepts and security controls for cloud automation and platform deployment.
- Ability to review and challenge solution designs from a security architecture perspective and provide pragmatic recommendations.
- Strong analytical, communication, stakeholder management, and documentation skills.
- Ability to work effectively with cloud architecture, platform engineering, security, network, and operations teams.
Level of Education
University degree of 4 years in a relevant domain (e.g. Computer Science, Information Technology). Minimum of 3 years of demonstrated experience in defining cloud security standards, guardrails, and architecture patterns for large scale enterprise environments.
Professional Certifications and trainings
- Azure Certifications:
  - Microsoft Certified: Azure Fundamentals (required)
  - Microsoft Certified: Azure Solutions Architect Expert (required)
  - Azure Security Engineer Associate (required)
  - Azure Network Engineer Associate (nice to have)