Cloud Security (Azure Focus)
- Lead improvements in Azure security posture using Microsoft Secure Score, Azure Policy, and Azure Defender for Cloud.
- Implement and manage Azure-native security controls, including Key Vault, Azure Firewall, NSGs/ASGs, Sentinel, and Microsoft Defender XDR.
- Enforce Azure Security Benchmark and contribute to Azure Well-Architected Framework (Security Pillar) assessments and remediation.
Security Operations & Incident Response
- Oversee day-to-day SOC operations in collaboration with MDR/MSSP vendors, ensuring timely triage, escalation, and remediation.
- Improve MTTA/MTTR through playbook automation, detection rule tuning, and optimised incident workflows.
- Lead root cause analysis, forensics, and incident post-mortems for infrastructure and cloud-related security events.
Cyber Threat Intelligence and Blue Teaming
- Integrate actionable Cyber Threat Intelligence (CTI) feeds and threat actor TTPs into the detection pipeline.
- Run regular phishing simulations, blue teaming, and breach and attack simulations (BAS) to validate defence readiness.
- Conduct and support infrastructure threat modelling using MITRE ATT&CK and STRIDE frameworks.
IT Security & Patch Compliance
- Ensure IT infrastructure security, including laptops, servers, printers, and internal systems.
- Define and enforce enterprise patch management policies, and track patch compliance for OS, firmware, and software.
- Monitor for vulnerable configurations and outdated software across end-user and server endpoints.
Active Directory & Identity Security
- Secure and monitor Active Directory (AD) and Azure AD for privilege escalations, misconfigurations, and abuse patterns.
- Implement conditional access policies, multi-factor authentication (MFA), and role-based access control (RBAC).
- Ensure alignment with SC-300 Microsoft Identity & Access best practices.
Network Security
- Define and enforce network segmentation, firewall rule reviews, secure VPN configurations, and zero-trust policies.
- Perform network threat analysis and work with IT/network teams to detect anomalies, lateral movement, or exfiltration risks.
- Monitor and harden edge devices (routers, firewalls, IDS/IPS).
Governance, Risk & Compliance (GRC)
- Ensure cloud and infra environments are compliant with standards (ISO 27001, SOC 2, NIST CSF).
- Support internal/external audits and maintain audit readiness for controls involving cloud and IT security.
- Drive Security BCP and DR testing exercises; document findings and track mitigation.
Vendor Management and Operations
- Act as primary liaison for MDR/MSSP providers, managing SLAs, escalations, tuning requests, and playbook improvements.
- Own contracts, performance metrics, and quarterly service reviews with security vendors.
Security Metrics and Reporting
- Track and improve metrics like Microsoft Secure Score, patch SLAs, threat detection coverage, MTTA/MTTR, phishing susceptibility, and audit gaps.
- Maintain and publish security dashboards and operational health reports to leadership.
Qualifications
Education
- Bachelor's or Master's in Information Security, Computer Science, or a related technical discipline.
Experience
- 6+ years of hands-on experience in Information Security, including:
  - 3+ years in Azure Security and SOC operations
  - Proven exposure to IT infrastructure, AD security, and network hardening
  - Leading incident response, audit preparation, and GRC collaboration
Certifications (Highly Preferred)
- AZ-500: Microsoft Azure Security Engineer Associate
- SC-200: Microsoft Security Operations Analyst
- SC-300: Microsoft Identity and Access Administrator
- SC-100: Microsoft Cybersecurity Architect
- Optional: CISSP, CISM, ISO 27001 LA, or GIAC certifications (e.g., GCIA, GCIH)
Skills & Competencies
- Deep expertise in Azure-native security and SIEM/XDR/EDR tooling
- Strong grasp of network protocols, firewall rules, Active Directory, and endpoint hardening
- Familiarity with the cyber kill chain, threat intelligence, and detection engineering
- Proficient in KQL, PowerShell, or scripting to support security automation
- Clear communicator able to translate technical risk into business impact