Azure cloud security SME

Role:

Location:

Experience:

About us:

Conglomerate IT is a certified and a pioneer in providing premium end-to-end Global Workforce Solutions and IT Services to diverse clients across various domains. Visit us at https://www.conglomerateit.com/

Conglomerate IT mission is to establish global cross culture human connections that further the careers of our employees and strengthen the businesses of our clients. We are driven to use the power of global network to connect business with the right people without bias. We provide Global Workforce Solutions with affability.

The Azure Cloud Security Expert is responsible for architecting, implementing, and managing secure cloud environments within Microsoft Azure. The role ensures that all cloud-based systems are resilient against threats, compliant with global standards, and designed for secure access between geographically distributed teams (e.g., India and U.S.). The expert will collaborate closely with infrastructure, network, and compliance teams to protect sensitive data, manage identity and access, and monitor for emerging risks.

Key Responsibilities:

1. Secure Access Design

• Design and implement secure authentication and authorization frameworks across multiple regions (India and U.S.).
• Enforce Role-Based Access Control (RBAC) and least-privilege principles for all users and service accounts.
• Configure Conditional Access Policies, including IP-based restrictions, MFA enforcement, and device compliance checks.
• Integrate Azure Active Directory (AAD) with on-premises or hybrid identity solutions.

2. System Segregation & Secure Integration

• Architect secure communication between regional systems (e.g., India and U.S.) using Azure Virtual Networks (VNets), VNet Peering, and Private Endpoints.
• Design a lightweight, region-specific system for India that interacts safely with the main CRM without data leakage.
• Implement Azure Firewall, Network Security Groups (NSGs), and Application Gateway (WAF) for layered defense.

3. Infrastructure Security

• Perform vulnerability assessments and threat modeling for Azure-based resources.
• Implement and manage Azure Defender for Cloud, Azure Security Center, and Key Vault for credential and secret protection.
• Configure encryption for data at rest (Azure Storage Encryption) and in transit (TLS, HTTPS, VPN).
• Ensure secure API integrations with Managed Identities and Azure Private Link.

4. Compliance & Governance

• Ensure compliance with frameworks such as SOC 2, GDPR, ISO 27001, and organization-specific policies.
• Utilize Azure Policy and Blueprints to enforce security baselines and governance standards.
• Conduct regular audits and risk assessments aligned with corporate compliance requirements.

5. Monitoring & Incident Response

• Set up Microsoft Sentinel or Azure Monitor for real-time monitoring, log analytics, and threat detection.
• Develop and maintain incident response playbooks for Azure-native environments.
• Enable audit trails, periodic access reviews, and activity reporting for critical resources.
• Coordinate post-incident reviews and apply corrective actions.

6. Collaboration & Documentation

• Collaborate with global teams to maintain unified security posture across regions.
• Document architecture, policies, and incident response workflows.
• Provide guidance and training to engineering and DevOps teams on Azure security best practices.

Required Skills:

• Strong expertise in Azure Active Directory, Conditional Access, RBAC, and MFA.
• Hands-on experience with Azure Defender for Cloud, Microsoft Sentinel, and Azure Key Vault.
• Proficiency in network security design, including VNets, NSGs, Azure Firewall, and WAF.
• Knowledge of encryption standards, certificate management, and data protection strategies.
• Experience with Azure Policy, BluePrints, Security Baselines, and Compliance Manager.
• Scripting experience in PowerShell, Azure CLI, or Terraform for automating security configurations.
• Understanding of DevSecOps principles and integrating security into CI/CD pipelines.