Senior Infrastructure Engineer (Skills - Cloud Security)

Key Responsibilities:

Security Architecture & Design

· Design and implement security baselines for Azure resources and services.

· Integrate Zero Trust principles across identity, networking, and applications.

· Secure Azure Landing Zones with role-based access, network segmentation, and encryption.

Identity & Access Management

· Configure and manage Azure AD, Conditional Access, PIM, MFA, and RBAC.

· Implement Just-In-Time access and privileged account controls.

· Support hybrid identity and federation scenarios.

Threat Protection & Monitoring

· Deploy and manage Microsoft Defender for Cloud, Sentinel (SIEM/SOAR), and Log Analytics.

· Configure alerts, incident response workflows, and automation playbooks.

· Monitor and analyze cloud security events, investigate anomalies, and respond to incidents.

Data & Application Security

· Implement encryption at rest and in transit, Key Vault management.

· Apply DLP, classification, and information protection policies.

· Secure APIs, containers (AKS), and PaaS services with proper controls.

Compliance & Governance

· Enforce Azure Policy, Blueprints, and regulatory compliance standards (ISO, SOC2, GDPR, HIPAA).

· Support audits with evidence collection and security posture reporting.

· Define tagging, monitoring, and governance standards for cloud assets.

Automation & Continuous Improvement

· Use Terraform, Bicep, Python or ARM templates to automate security configuration.

· Build security-as-code pipelines with Azure DevOps or GitHub Actions.

· Continuously assess and improve security controls against evolving threats.

Required Skills & Experience:

· 6–8 years in security engineering, with at least 5+ years in Azure security.

· Strong hands-on experience with:

o Azure AD, Entra ID, and RBAC models

o Microsoft Defender for Cloud, Sentinel (SIEM), Key Vault

o Azure Firewall, WAF, DDoS Protection, NSGs

· Experience in incident detection and response in cloud environments.

· Strong understanding of cloud networking and hybrid security concepts (VPN, ExpressRoute, BGP, IPSec).

· Proficiency with scripting/automation (PowerShell, Python, Terraform, Bicep).

· Familiarity with DevSecOps practices (integrating security into CI/CD pipelines).