- Expertise in managing and troubleshooting Azure Network Security Groups (NSGs) to ensure secure network traffic flow across cloud and hybrid environments. The ideal candidate will optimize NSG rules, resolve connectivity issues, and enforce least-privilege access principles.

- Design, implement, and maintain Azure NSG rules to control inbound/outbound traffic for VMs, subnets, and applications.

- Regularly audit and refine NSG rules to eliminate overly permissive access and enforce least-privilege security.

- Troubleshoot and resolve connectivity issues caused by NSG misconfigurations.

- Collaborate with network teams to ensure seamless and secure connectivity between Azure, on-premises, and multi-cloud environments.

- Integrate NSGs with Azure Firewall, Application Security Groups (ASGs), and Private Endpoints for layered security.

- Monitor NSG flow logs and analyze traffic patterns to detect anomalies or unauthorized access attempts.

- Diagnose and resolve network connectivity issues related to NSGs, route tables, and security policies.

- Work with SOC teams to investigate security incidents involving NSG bypasses or rule violations.

- Use Azure Network Watcher, Log Analytics, and Sentinel for NSG log analysis and forensics.

- Automate NSG rule deployments using Azure Policy, PowerShell, or Terraform to ensure consistency.

- Document NSG standards, rule change processes, and troubleshooting playbooks.

- Stay updated on Azure networking updates, Zero Trust principles, and Microsoft security benchmarks**.

- 5-6+ years of hands-on experience managing Azure NSGs, VNet peering, and cloud network security.

- Strong understanding of TCP/IP, UDP, network protocols, and Azure networking components.

- Experience troubleshooting NSG rule conflicts, ASG misconfigurations, and service tag limitations.

- Familiarity with Azure Monitor, NSG flow logs, and KQL queries for traffic analysis.

- Scripting skills (PowerShell, Azure CLI, or Python) for automation tasks.

- Certifications like AZ-500, AZ-700, or CCNA Security are a plus.

- Knowledge of firewall policies (Azure Firewall, Palo Alto, FortiGate) alongside NSGs.

- Experience with DevSecOps practices and Infrastructure as Code (IaC)

- Understanding of Zero Trust Architecture (ZTA) and micro-segmentation

- Manage hybrid connectivity security between Azure cloud and on-premises infrastructure, with a focus on NVA firewall policies, Network Security Groups (NSGs), and overall network security architecture. The ideal candidate will ensure secure connectivity, implement best practices, and mitigate risks across hybrid environments.

- - Design, implement, and manage secure connectivity solutions between Azure cloud and on-premises networks.

- - Configure and optimize NVA Firewall, NSGs, Application Security Groups (ASGs), and VPN/ExpressRoute for secure hybrid connectivity.

- - Monitor and troubleshoot network security issues across hybrid environments.

- - Define and enforce firewall policies (Azure Firewall, Palo Alto, FortiGate, or equivalent) for inbound/outbound traffic.

- - Manage Azure NSG rules to control traffic flow between Azure resources and on-premises systems.

- - Conduct regular audits of firewall and NSG rules to ensure compliance with security policies.

- - Develop and maintain security standards for hybrid network connectivity.

- - Implement Zero Trust Network Access (ZTNA) principles for secure access controls.

- - Ensure alignment with CIS benchmarks, NIST, and Azure Well-Architected Framework.

- - Work with SOC teams to monitor and respond to security threats in hybrid environments.

- - Investigate and remediate security incidents related to network breaches or misconfigurations.

- - Utilize Azure Sentinel, Defender for Cloud, and SIEM tools for threat detection.

- - Ensure compliance with GDPR, HIPAA, PCI-DSS, or industry-specific regulations.

- - Maintain detailed documentation of security policies, network diagrams, and incident reports.

- - 5+ years of experience in network security, cloud security (Azure), and hybrid connectivity.

- - Strong expertise in Azure networking (VNet, VPN Gateway, ExpressRoute, Azure Firewall, NSGs).

- - Hands-on experience with firewall management (Palo Alto, Fortinet, Cisco ASA, or Azure Firewall).

- - Knowledge of Zero Trust Architecture (ZTA), micro-segmentation, and SASE frameworks.

- - Familiarity with SIEM, IDS/IPS, and Azure security tools (Sentinel, Defender for Cloud).

- - Certifications such as AZ-500 (Azure Security), CCSP, CISSP, or CCNP Security are a plus.

- - Strong troubleshooting and analytical skills for security incidents.

- - Experience with multi-cloud environments (AWS/GCP) alongside Azure.

- - Scripting skills (PowerShell, Python, Terraform) for security automation.

- - Knowledge of DevSecOps and Infrastructure as Code (IaC) practices.

Skills for Cloud Security Engineer E 2.1,E.3.1