Qureos

Security Architecture & Engineering Specialist/ Lead

Job Overview

Vacancy Description

As Security Architecture & Engineering Lead (Cloud Focus), you will be the hands-on technical authority designing, implementing, and continuously evolving the cloud security architecture that protects billions in digital assets and ensures regulatory compliance. This is a deeply architectural and engineering role — 80-90% hands-on design, configuration, automation, and validation — where you will own the end-to-end security posture of the Azure estate while bridging it to blockchain-specific threats (key exposure, on-chain anomalies, bridge exploits, governance attacks). You will lead threat modeling, zero-trust controls, secure-by-design cloud patterns, incident response engineering, and coordination with the managed SOC partner.

Requirements

  • 8–15+ years in cloud security architecture & engineering, with 6+ years deep hands-on with Microsoft Azure (security specialization).
  • Expert-level proficiency in Azure security stack: Entra ID (Conditional Access, PIM, RBAC), Key Vault Managed HSM (FIPS 140-2 Level 3), Defender for Cloud/Sentinel (KQL analytics, playbooks), Azure Firewall/NSGs, Private Link, DDoS Protection, and Azure Policy-as-Code.
  • Proven hands-on experience leading incident response in Azure environments — including containment, forensics, coordination with external SOC providers, and regulatory reporting.
  • Strong understanding of zero-trust architecture, workload identity federation (OIDC), secrets management, network micro-segmentation, and cloud-native DevSecOps.
  • Experience correlating cloud logs/alerts with blockchain-specific threats (on-chain anomalies, wallet activity, bridge exploits).
  • Deep knowledge of UAE regulatory frameworks: CBUAE, ADGM FSRA.
  • Experience integrating cloud SIEM with blockchain threat intelligence.
  • Excellent scripting & automation skills (Terraform IaC, PowerShell, Azure CLI, Bicep/ARM, KQL).

Would be a plus

  • Certifications: Microsoft Certified: Azure Security Engineer Associate (AZ-500), Certified Cloud Security Professional (CCSP), or equivalent.

Responsibilities

Hands-on Azure Security Implementation & Hardening:

  • Design, deploy, and maintain zero-trust controls across Azure: Entra ID Conditional Access, Private Link for all PaaS (Key Vault, Cosmos DB, Blob), Azure Firewall + NSGs (deny-by-default), DDoS Protection Standard, and workload identity federation (OIDC).
  • Manage Microsoft Sentinel as central SIEM: ingest Azure logs, Defender alerts, on-chain events (via custom connectors), and endpoint telemetry; build and maintain custom analytics rules for cloud + blockchain threats (e.g., anomalous Key Vault access, large unauthorized transfers, admin console abuse).
  • Implement and manage Azure Key Vault Managed HSM (FIPS 140-2 Level 3) for non-exportable keys, transaction signing, MPC roots — including private endpoints, rotation policies, and purge protection.
  • Perform hands-on network micro-segmentation, CSPM remediation, and secrets scanning across AKS, VMs, and storage accounts.
  • Perform quarterly Azure security assessments, configuration reviews, and regulatory mapping.
  • Automate infrastructure as code (IaC) with Terraform.
  • Advise the Infrastructure team on Cloudflare security (DDoS, bot).
  • Implement any security tools that are necessary for the operation.

Incident Detection, Response & SOC Coordination:

  • Act as primary hands-on responder for detected incidents: investigate alerts, contain threats (isolate resources, rotate keys, pause workloads), and coordinate with managed SOC analysts (24/7 escalation path).
  • Develop, maintain, and execute Azure-specific incident playbooks (e.g., Key Vault compromise, suspicious IAM activity, data exfiltration, DDoS).
  • Lead real-time containment during high-severity events (P1/P2
  • Advise the SOC team on regularly tuning detection rules, reducing false positives, and validating the SOC partner's performance through joint drills.
  • Correlate cloud alerts (e.g., Defender for Endpoint, Sentinel) with on-chain signals (large transfers, privileged calls, oracle manipulation) for hybrid threat detection.


Why IdeaSoft

What We Offer

Competitive compensation

Social package (24 working days of annual leave and 5 paid sick days)

Flexible working hours

Challenging projects in diverse business domains and a variety of tech stacks

Personal development and professional growth opportunities

Work with a talented, ambitious team with a family feel

Educational possibilities: corporate courses, knowledge hubs, and in-house English classes

Compensation for your professional certification & support for your learning activities

Opportunity to choose IT equipment you like

Corporate social responsibility

Tamara Mitiagina
Head of Recruitment
