Cloud Solution Architect

Title: Cloud Solution Architect

Location: Remote

LOA: Part time / 160 Hours

Services Description: To provide a remediation engagement to remediate Buyer’s Azure environment and security workflow within the guidance of Buyer’s CSS.

Objectives:

• Provide structured support via a scoped “remediation and support hours” block to help execute or guide the implementation of critical fixes identified during the assessment.

Scope:

• Team will remediate the Buyer’s Azure environment and security workflow. Areas of effort include:
• Remediation services and support
• Work with the team to solve critical issues
• Support changes and service functionality

Approach:

• Remediation Support
• Hands-on remediation guidance (e.g., policy adjustments, firewall reconfiguration, CNAPP tuning)
• Solution validation / testing support (e.g., Defender for IoT deployment, traffic flow tests)
• Co-implementation of playbook items from the roadmap
• Team coaching and knowledge transfer sessions beyond initial workshop
• On-demand advisory hours for architectural or compliance-related questions

Title: Sr. Security Cloud Architect

Location: Remote

LOA: 8 weeks, 40 hours/week

Services Description

Objectives:

• Review the Buyer’s Azure subscriptions, resource groups, and key services against Microsoft’s Azure Security Benchmark and best FinOps practices
• Provide prioritized, risk-based remediation recommendations aligned to industry best practices
• Analyze the security, infrastructure, and connectivity of Azure services supporting OT workloads
• Deliver a risk-based, actionable set of recommendations aligned with industry frameworks (e.g., NIST CSF, IEC 62443, CIS Benchmarks) tailored to both Buyer’s CSS and OT risk profiles.
• Develop a high-level, multi-phase roadmap for strengthening security posture and optimizing cloud architecture over the next 12–18 months.
• Conduct workshops, guided sessions, and/or document review with Buyer teams to transfer knowledge and build operational confidence in managing OT and cloud-native security.
• Deliver executive-level summaries and a detailed technical report to enable Buyer stakeholders to track progress and budget for implementation.

Scope:

Vendor’s team will evaluate the Buyer’s Azure infrastructure, services, and OT connectivity, and deliver a tactical, risk-driven roadmap for improving posture and performance. Core focus areas include:

Security Configurations

• Azure AD, RBAC, Conditional Access, PIM/JIT access, identity protection
• Defender for Cloud, Key Vault, MFA enforcement, CNAPP tools such as Prisma

Network Architecture & OT Connectivity

• Review VNets, NSGs, Azure Firewall/NVAs, ExpressRoute, VPNs, Private Link
• Analyze segmentation between IT and OT systems; inspect traffic paths from SCADA, PLCs, or IIoT devices to cloud services OT Service Integration & Data Flows
• Azure IoT Hub, Azure Arc, Digital Twins, Azure Stack Edge