Azure Cloud Security Architect

Title: Azure Cloud Security Architect Duration: 12+ Months Location: Marietta, GA || Berkeley Heights, NJ || Atlanta, GA || Omaha, NE || Denver, CO Work Schedule: 5 days onsite Employment type: W2 only The Azure Cloud Security Architect is responsible for leading the Defining, Designing, and Development of cyber-security architecture and ensuring technology initiatives are implemented within the framework, providing data protection for one of our key government clients' cloud environments. The selected candidate will be accountable for strategic planning, architecture, and securing enterprise information by identifying network and application security requirements, implementing, and testing security controls and procedures. This role collaborates with other teams to embed security into the entire lifecycle, integrating DevSecOps principles and automation into the pipeline. The Cloud Security Architect is considered the trusted advisor, advising in developing Cloud risk management strategies and multi-year implementation and remediation programs based on business priorities and risks to address Cyber-Security, Cyber Defense and Business needs of our customer. Key Job Responsibilities 1. Define, Design, and Develop, cybersecurity and privacy policies, processes and compliance artifacts, systems authorization, and management in a cloud environment. 2. Analyze and map existing and define and develop new security controls and safeguards to compliance requirements for a cloud environment. 3. Assess and document "Shared Responsibility” for all cyber security and risk-based capabilities. 4. Lead automation of Azure infrastructure provisioning and security controls using Terraform and policy-as-code. 5. Collaborate with ITOps, DEVOps and other teams to perform architecture reviews, risk assessments, and control mapping. 6. Define, Design, and Develop, an ongoing Zero-Trust Architecture as a core part of all design and development of the cloud solution. 7. Define, Design, and Develop, identity and access controls, logging, and monitoring solutions. 8. Coordinate application and infrastructure risk mitigation and vulnerability remediation activities. 9. Define, Design, Develop, implementation, and deployment of a hybrid cloud solution in a FedRAMP High environment involving integration of hybrid cloud solutions with on-premises components and systems. 10. Define and Develop Incident Management activities, assessing attacker tactics, techniques, and procedures (TTP) and provide incident response support to locate and prevent threats. Job Requirements Experience Required: (Microsoft Azure Cloud along with GovCloud experience preferred) • Education: Bachelor's degree in a technology field, Master's degree preferred. • 5+ years' cyber related experience in a GovCloud (preferred) or commercial environment with Azure, in a technical information security and risk management role. GovCloud experience preferred. • 5+ years firsthand working with multiple Azure security tools and platforms such as Entra ID, Sentinel, Defender, Monitor, Key-Vault, or similar in other platforms. • 5+ years managing security policies and initiatives in Azure. • Identity Access and Management (IDAM) concepts, multifactor authentication, SSO/Federation • Privileged Access Management (PAM) and Privileged Identity Management (PIM) key concepts • Demonstrated ability to Define, Design, and configure the Azure security platforms, and function as an overall lead managing end to end security on the Azure GovCloud regions. • Experience automating security baselines and policy enforcement in enterprise Azure environments. • Experience automating "Policy-As-Code” using Terraform and ARM templates, with a focus on reusable module design, policy enforcement, and secure CI/CD integration. • Demonstratable understanding of Information Security and Risk Management capabilities related to cloud computing across Windows and Linux, with demonstrated direct experience with the following domains: o Identity, Credential and Access Management (ICAM) o Authentication and Authorization including SSO and Identify Federation o Zero-Trust Model o Defense-In-Depth o Governance and Compliance o Securing Data o Securing the Operating System o Protecting the Network Layer o Continuous Diagnostics and Mitigation, Alerting, Audit Trail, and Incident Response o Cloud Core Platform: Compute, Storage, Networking Other experience desired: • Prior experience supporting federal, defense, or highly regulated commercial clients. • Familiarity with compliance frameworks such as FedRAMP, CMMC, FISMA and NIST 800-53. • Certifications: CISSP, CCSP, Azure/AWS/Google Training and Certification • Crowdstrike Falcon EDR for Azure • Experience with secure baseline configurations (CIS Benchmarks, DISA STIGs) for Azure environments. • Managing/maintaining FISMA compliance for a government information system in accordance with requirements from NIST. • Demonstrated experience collaborating directly with external clients, business leadership, and auditors. • Direct technical background, to include familiarity with servers, network devices, and security systems. #TB_EN #ZR