Cloud and Security SME

Cloud Security Engineer

• Design, implement, and maintain Cloud and Network Security architectures across Azure, AWS, and hybrid datacenter environments, aligned to Zero Trust, Well-Architected Frameworks, and enterprise security standards.
• Deploy, monitor, and optimize Firewall, WAF, L7/L4 Load Balancers, API Gateways, Bot & DDoS Protection, Secure Web Gateways, and other network security controls across cloud and on-prem infrastructure.
• Implement and support Secure Connectivity patterns including Site-to-Site VPNs, SD-WAN, Remote Access VPNs, MPLS, ExpressRoute / Direct Connect, VNet/VPC Peering, Private Endpoints, Service Endpoints, and Hybrid DNS strategies.
• Provide L3 operational support for Firewalls (NGFW), WAF, Bot management, DDoS appliances / cloud-native protection, IPS/IDS, API Security platforms, Privileged Access Management, Endpoint Security, and SIEM/SOAR-integrated network platforms.
• Operate and enhance cloud-native network security controls such as Azure Firewall, Application Gateway, Front Door, Network Security Groups (NSGs), Private Link, Traffic Manager, Route Tables, Azure DDOS Protection, Network Watcher, and equivalents in AWS / GCP.
• Implement and manage SASE and Zero Trust Network Access (ZTNA) solutions to secure remote and distributed workforce connectivity, ensuring least-privilege network access.
• Adopt Security-as-Code / Infrastructure-as-Code practices using tools such as Terraform, Bicep, ARM Templates, Ansible, and CI/CD pipelines for repeatable, auditable, and compliant network deployments.
• Utilize Cloud Security Platforms including CNAPP / CSPM / CWPP / CASB (e.g., Prisma Cloud, Defender for Cloud, Wiz, Lacework) to enforce policy, detect posture drift, and automate remediation of security misconfigurations.
• Ensure API Security posture using API gateways, schema validation, threat protection, runtime behavior monitoring, and integration with CI/CD governance.
• Collaborate with Enterprise Architecture, Security Engineering, and Cloud Platform teams to review and approve cloud network designs, ensuring adherence to governance, segmentation, encryption, and isolation requirements.
• Assist in the design and deployment of Cloud Landing Zones, Hub-Spoke network models, regional failover architectures, identity-aware proxying, and secure service mesh communications as needed.
• Perform proactive and reactive system upgrades, lifecycle patching, incident response, vulnerability mitigation, and participate in On-Call rotations where required, following change control processes.
• Manage vendor and OEM escalations, technical support engagements, RCA follow-up, and ensure SLA-bound service continuity.
• Create, update, and maintain architecture diagrams, SOPs, runbooks, configuration baselines, and operational knowledge base articles to ensure ongoing platform maintainability and support readiness.
• A degree or diploma in Computer Science or related discipline.
• Hands-on experience managing Azure networking and security components in enterprise environments. Exp: 8-10 Years
• Strong understanding of networking fundamentals (TCP/IP, routing, DNS, VPN, certificates, load balancing, segmentation).
• Experience with at least one major firewall/WAF platform (e.g., Palo Alto, Fortinet, Check Point, F5, Cloudflare, Akamai).
• Experience with EDR/XDR security tooling (e.g., Defender XDR, CrowdStrike, SentinelOne) and integration with SIEM/SOAR workflows.
• Working knowledge of cloud security governance and threat protection tools (e.g., Azure Defender, CSPM platforms such as Prisma Cloud, Wiz, Defender for Cloud).
• Familiarity with API security concepts and protection techniques.
• Practical experience with Terraform, Bicep, ARM, or similar IaC tooling.
• Strong troubleshooting and analytical skills in complex networking and cloud environments.
• Ability to collaborate effectively with cross-functional IT teams.
• Exposure to multi-cloud networking (AWS, GCP VPC networking, transit gateways, cloud firewalls).
• Understanding of SASE and ZTNA solution architecture.
• Experience designing or optimizing Hub-Spoke, service mesh, or micro-segmentation patterns.
• Participation in architecture reviews or cloud network design assessments.

Familiarity with SIEM/SOAR operations and security incident response processes