Azure Architect

The work:

We are seeking a highly skilled and experienced Senior Azure Architect with a deep specialization in cloud security. In this role, you will be the go-to expert for designing, implementing, and governing our Azure cloud environment. You will be responsible for creating robust, secure, and scalable cloud solutions, ensuring they align with industry best practices, compliance requirements, and our business objectives. Your primary focus will be on architecting security-first solutions and providing technical leadership to our engineering teams. 

Key Responsibilities: 

Architect & Design: Design and implement secure, scalable, and highly available cloud solutions on the Microsoft Azure platform, adhering to well-architected framework principles. 

Security Governance: Develop and maintain a comprehensive cloud security architecture, including preventative, detective, and responsive controls. 

Security Implementation: Lead the implementation and configuration of Azure-native security services such as Microsoft Defender for Cloud, Microsoft Sentinel, Azure Firewall, Azure Key Vault, and Azure Policy. 

Policy & Compliance: Define and enforce cloud governance policies for identity and access management (IAM), network security, data protection, and cost management. Ensure all cloud solutions are compliant with relevant industry standards (e.g., ISO 27001, SOC 2, GDPR, NIST). 

Threat & Vulnerability Management: Conduct security assessments, code reviews, and vulnerability scanning of Azure environments to proactively identify and remediate risks. 

Identity & Access Management (IAM): Architect and implement robust solutions for identity using Azure Active Directory (Azure AD), including Conditional Access, Privileged Identity Management (PIM), and Identity Protection. 

Network Security: Design secure network architectures using Virtual Networks, Network Security Groups (NSGs), Application Security Groups (ASGs), Private Link, and other advanced networking components. 

Automation: Drive the automation of security operations and infrastructure deployment using Infrastructure as Code (IaC) tools like ARM templates, Bicep, or Terraform. 

Leadership: Serve as a subject matter expert on cloud security, providing technical leadership, guidance, and mentorship to development and operations teams on security best practices. 

Innovation: Stay current with the latest Azure features, security threats, and industry best practices to continuously improve the company's cloud security posture. 

Here's what you need:

• Bachelor’s degree in Computer Science, Information Technology, or a related field, or equivalent work experience. 
• 15+ years of experience in IT, with at least 8+ years in a cloud architecture role with a significant focus on Microsoft Azure. 
• Proven, hands-on experience designing and deploying secure, enterprise-scale solutions in Azure. 
• Expert-level knowledge of Azure security services and features (Microsoft Defender for Cloud, Microsoft Sentinel, Azure Firewall, DDoS Protection, WAF, Key Vault). 
• Strong understanding of core security principles (e.g., Zero Trust, defense-in-depth, least privilege). 
• In-depth experience with Azure Identity and Access Management (Azure AD, PIM, B2B/B2C, Conditional Access Policies). 
• Proficiency with Azure networking concepts (VNet, subnets, NSGs, UDRs, ExpressRoute, VPN Gateway). 
• Experience with Infrastructure as Code (IaC) using ARM templates, Bicep, and/or Terraform. 
• Excellent problem-solving skills and the ability to work independently and in a team environment. 
• Strong communication and leadership skills, with the ability to articulate complex technical concepts to both technical and non-technical stakeholders. 

Preferred Skills and Qualifications:

• Microsoft Certified: Azure Solutions Architect Expert (AZ-305). 
• Microsoft Certified: Azure Security Engineer Associate (AZ-500) or other advanced security certifications (e.g., CISSP, CCSP). 
• Experience with CI/CD pipelines and implementing DevSecOps practices. 
• Knowledge of containerization technologies (Docker, Kubernetes, Azure Kubernetes Service - AKS) and their security implications. 
• Proficiency in scripting with PowerShell, Azure CLI, or Python.