Job Title: Azure Cloud Security
Location: Remote (Candidates must sit in EST or CST time zones)
Duration: 6 months
Job Description
Top Skills' Details
5+ years of Azure cloud infrastructure experience at an enterprise level
Infrastructure as Code (IaC) - experience is a MUST and focus for this role
Azure - landing zone and VNets
Powershell
Terraform
nice to have:
Wiz
IAM - identity access management in Azure
Experience w/ NoSQL databases (DynamoDB) - Nice to have
Major plus:
OPA - Open Policy Agent
REGO - Rego is a general-purpose policy language, which means that it works for any layer of the stack and any domain. The primary purpose of Rego is to accept JSON/YAML inputs and data that are evaluated to make policy-enabled decisions about infrastructure resources, identities, and operations.
Overview:
This role focuses on supporting and enhancing the Azure cloud platform environment. It involves a combination of Business As Usual (BAU) support and critical engineering work. A significant portion of the role is dedicated to ensuring governance, compliance, and security posture within the Azure environment. The primary objective is to proactively address compliance requirements and security findings.
Key Responsibilities:
Engage proactively in Azure governance and compliance activities.
Pull and analyze compliance data to identify non-compliance findings.
Review control adherence and take necessary action on non-compliant resources or configurations.
Ensure Azure services and the teams utilizing them maintain compliance with established standards.
Proactively address potential compliance issues before they are identified by auditors or testers.
Perform security bug fixes to remediate non-compliance issues, which is considered engineering work. This involves problem-solving and developing solutions to bring configurations back into compliance.
Participate in control validation processes, including TCT (Terraform Compliance Testing) testing walkthroughs. Provide documentation or walkthroughs to show how controls are met and monitored.
Understand and interpret existing runbooks, many of which are written in PowerShell, used for monitoring control effectiveness.
Conduct feasibility reviews for net new controls proposed by the cyber risk team, assessing their technical viability within Azure.
Review, update, and/or create new detective controls. This may involve translating existing controls from PowerShell runbooks into Wiz/Rego. Implementation of these controls is the responsibility of this role.
Identify issues related to controls where policies are not used and monitoring relies on runbooks (often Azure Automation runbooks written in PowerShell).
Contribute to discussions and potentially the implementation of a future disconnected Azure tenant/sandbox environment, with a focus on establishing controls and governance
May contribute to identity-related work within Azure, understanding authentication and authorization concepts.
Required Skills & Qualifications:
Solid foundation in cloud infrastructure, with expertise in Microsoft Azure services and architecture. Must understand Azure services inside out, including various configurations and associated risks.
Ability to build with code; again the role is not that of a cloud administrator solely performing tasks via the GUI.
Essential knowledge of PowerShell is required to understand existing runbooks and control configurations.
Familiarity with or the ability to quickly learn Wiz/Rego for implementing detective controls is necessary.
Understanding of cloud security principles, governance frameworks, and compliance requirements.
Ability to troubleshoot technical issues within the Azure platform.
Understanding of cloud-based identity and access management (IAM) concepts, including authentication and authorization.