Azure Cloud Engineer (Security-Focused)

Job Description

We’re looking for an Azure specialist who loves building reliable cloud platforms and hardening them. You’ll own day-to-day Azure engineering (networking, identity, storage, compute) while leading security-by-design practices across our tenants, subscriptions, and apps.

What you’ll do

Design & Build

  • Architect and implement secure Azure landing zones (Hub/Spoke, subscriptions, RBAC, management groups).
  • Stand up and harden core services: VNets, private endpoints, NSGs/ASGs, Azure Firewall/WAF, Application Gateway, API Management, Bastion, AKS, App Services, Functions, Storage, SQL.
  • Implement encryption/key management using Key Vault/Managed HSM; configure backup/DR with Azure Backup & Site Recovery.

Identity & Access Administer

  • Microsoft Entra ID (Azure AD): Conditional Access, MFA, SSPR, PIM, app registrations, service principals, SCIM/SSO.
  • Define least-privilege RBAC, custom roles, and access review processes.

Security Engineering

  • Deploy and tune Microsoft Defender for Cloud and Defender for Cloud Apps; enable recommendations, just-in-time access, and vulnerability assessments.
  • Implement Microsoft Sentinel: data connectors, analytics rules, UEBA, hunting queries (KQL), playbooks/automation (Logic Apps).
  • Secure containers and Kubernetes (AKS) with Defender for Containers, image scanning, pod security, and network policies.
  • Protect web apps & APIs with WAF policies, DDoS Protection, and secret rotation.

Governance & Compliance

  • Enforce baseline controls via Azure Policy, Initiative/Blueprints, and regulatory mappings (CIS, NIST, ISO 27001, SOC 2).
  • Build security guardrails and golden images; manage change via pull requests and approvals.

Observability & Incident

  • Response Centralize logs with Log Analytics/Diagnostic Settings; write KQL queries and dashboards.
  • Develop runbooks/playbooks for alert triage, incident containment, and post-incident review.

Automation and IaC

  • Use Bicep/Terraform to provision infrastructure; standardize modules and pipelines.
  • Integrate DevSecOps in Azure DevOps/GitHub Actions: SAST/DAST/secret scanning, policy checks, artifact signing.

Collaboration

  • Partner with app teams to threat-model designs, review architectures, and enable secure release patterns.
  • Mentor engineers; document patterns and How-To guides.

Certifications

  • AZ-500 (Azure Security Engineer Associate)
  • AZ-104 / AZ-305 (Administrator / Solutions Architect)
  • SC-200 / SC-300 (Security Operations Analyst / Identity & Access)

Shift: Day
Experience: 4+ Years Exp.
Job Location: Gurugram India

Apply for this position

Allowed Type(s): .pdf, .doc, .docx