Cloud Architect

Qualifications:

• 5+ years of experience in cloud security, cloud architecture, DevSecOps or related roles, with

at least 3+ years of hands-on experience in architecting secure environments on Microsoft

Azure.

• Strong understanding of cloud networking, hybrid cloud, and virtual networking concepts

(e.g., VPNs, subnets, NSGs, load balancing, hub-spoke).

• Expertise in designing and implementing cloud security architectures on Azure, with strong

knowledge of Azure Defender, Azure Sentinel, Azure Key Vault, Azure EntraID, Azure

Firewall, and other Azure security services.

• Strong understanding of security frameworks and compliance standards (e.g. ISO 27001,

GDPR, NIS2), and the ability to implement and manage them in the Azure cloud.

• Experience with Identity and Access Management (IAM), including Azure Entra ID, Privileged

Identity Management (PIM), role-based access control (RBAC), multi-factor authentication

(MFA), and Conditional Access Policies.

• Proficient in implementing Encryption strategies, such as Azure Disk Encryption, Azure

Information Protection, and SSL/TLS for securing data in transit and at rest.

• Experience with containerization and container security using Docker, Azure Kubernetes

Service (AKS), and related tools to secure containerized environments.

Expertise in Infrastructure as Code (IaC) tools such as Terraform, ARM templates, or Bicep to

automate secure provisioning and configuration of Azure resources.

• Experience in Azure governance and cost management using Azure Cost Management, Azure

Policies, and management groups.

Experience with monitoring and logging tools such as Azure Monitor, Application Insights, or

Log Analytics and third-party solutions like Splunk or Elastic Stack.

• Experience in risk management, vulnerability assessment, and penetration testing, along

with a strong understanding of incident response and remediation strategies in the cloud.

• Hands-on experience with CI/CD tools (e.g., Azure DevOps, ArgoCD) and integration of

security tools (e.g. SonarQube) within the pipeline.

• Proficiency in scripting languages (e.g., PowerShell, Azure CLI, Python) to automate security

tasks and infrastructure provisioning.

• Languages: English (C1).