Job Summary
We are seeking a highly skilled Senior Cloud Security Engineer to design, implement, and manage the security architecture of our digital ecosystem. The primary objective is to protect the company's cloud-native applications and infrastructure from evolving cyber threats—such as Ransomware and unauthorized data exfiltration—while ensuring 100% business continuity through robust infrastructure hardening and immutable recovery strategies.
Key Responsibilities
- Infrastructure Hardening & Networking: Secure Virtual Machines (VMs) and Virtual Networks (VNETs) by enforcing strict Network Security Groups (NSGs). Eliminate public-facing vulnerabilities by replacing standard RDP (3389) access with secure solutions like Azure Bastion and VPN Gateways.
- Identity & Access Management (IAM): Implement the "Principle of Least Privilege" across the Azure environment. Enforce Multi-Factor Authentication (MFA) and manage Privileged Identity Management (PIM) for all administrative access.
- Advanced Data Protection: Ensure all sensitive data is encrypted at rest and in transit. Manage secrets, certificates, and cryptographic keys using Azure Key Vault.
- Backup & Disaster Recovery (BDR): Architect and maintain an Immutable Backup strategy. Ensure that recovery points are isolated and protected from the production environment to guarantee restoration even in the event of a total system compromise.
- Threat Detection & Monitoring: Deploy and manage Microsoft Defender for Cloud and Microsoft Sentinel (SIEM/SOAR) to detect, investigate, and respond to security alerts in real-time.
- Vulnerability Management: Conduct regular automated and manual vulnerability assessments on servers and databases (SQL, NoSQL). Oversee the immediate patching of critical security flaws.
- Incident Response: Lead the security incident response lifecycle. Create and test playbooks for rapid containment, eradication, and recovery during a security breach.
Technical Requirements
- Experience: Minimum of 5+ years in Cybersecurity, with at least 3 years of hands-on experience exclusively in Microsoft Azure.
- Network Security: Deep expertise in Azure Firewalls, Application Gateways, WAF (Web Application Firewall), and Private Links.
- System Administration: Strong knowledge of Windows Server and Linux hardening techniques.
- Automation: Proficiency in scripting (PowerShell, Azure CLI) and Infrastructure as Code (Terraform or Bicep) to automate security compliance.
- DevSecOps: Experience integrating security checks into CI/CD pipelines (Azure DevOps / GitHub Actions).
- Database Security: Proven experience securing cloud-based databases and managing data integrity.
Preferred Qualifications & Certifications
- AZ-500: Microsoft Azure Security Technologies (Highly Preferred).
- SC-200: Microsoft Security Operations Analyst.
- CISSP or CISM certification.
- Experience in high-security environments or research-driven technology sectors.