Sr. Azure Security Architect to support NIST Cybersecurity Framework (CSF) remediations

Our valued client is looking for a Sr. Azure Security Architect to support NIST Cybersecurity Framework (CSF) remediations

This is a remote full-time (7 hours/day) position for approximately 5.5 months

Tasks include:

• Configure and deploy a Web Gateway/URL filtering solution (likely Global Secure Access from Microsoft) with TLS traffic inspection to enforce web access policies for enterprise desktops and laptops, support the corporate acceptable use policy, and enhance cybersecurity resiliency against malware, exploits, phishing, and downloads of unauthorized executables.
• Evaluate logging requirements for business application logs and implement configuration changes to existing Microsoft Sentinel SIEM and IT infrastructure to permit the centralized collection and secure storage of those logs into the SIEM for monitoring, analysis, and compliance purposes.
• Review the current state of collected logs against existing security standards and policies and remediate any identified gaps by expanding log collection and integration through the SIEM to ensure comprehensive coverage and compliance
• Provide subject matter expertise and support the secure design, implementation and operation of the Azure Cloud infrastructure;
• Collaborate with stakeholders to develop and implement secure Azure cloud architecture and solutions. Ensure the integration of appropriate security controls and mechanisms, such as identity and access management, network security, data protection, encryption, and monitoring;
• Establish and enforce Azure security governance frameworks, policies, and standards. Conduct regular security assessments and audits to identify vulnerabilities, risks, and compliance gaps. Develop and implement remediation strategies to address identified issues;
• Define the organization's Azure security strategy and roadmap, aligned with business objectives and risk appetite. Stay updated with the latest Azure security features, tools, and technologies to drive continuous improvement and innovation in security architecture;
• Conduct threat modeling exercises and risk assessments to identify and prioritize potential threats and vulnerabilities. Collaborate with other security teams to develop mitigation strategies and recommend security controls to address identified risks;
• Lead the design and review of Azure cloud infrastructure components, including virtual networks, storage accounts, virtual machines, and Azure services. Ensure adherence to security best practices, industry standards, and regulatory requirements;
• Collaborate with incident response teams to develop and enhance Azure cloud-specific incident response plans and playbooks. Participate in security incident investigations, provide expertise on Azure-specific incidents, and contribute to post-incident reviews and lessons learned;
• Promote a security-conscious culture within the organization. Develop and deliver training programs to educate stakeholders on Azure security best practices, secure coding, and compliance requirements; and
• Work closely with cross-functional teams, including cloud architects, developers, operations teams, and compliance officers, to ensure security is integrated throughout the Azure cloud lifecycle. Communicate security risks, recommendations, and requirements to technical and non-technical stakeholders in a clear and concise manner

Must have:

• Reliability clearance with the Federal Government
• An undergraduate or graduate degree in Information Technology or equivalent
• Microsoft Certified: Azure Security Engineer Associate, Cybersecurity Architect Expert or equivalent Microsoft Certification;
• In-depth understanding of network security, identity and access management, encryption, and data protection mechanisms
• Experience applying Information Technology Security Guidance (ITSG-33) and Government of Canada security standards in a Cloud environment

Nice to have:

• Experience implementing Microsoft Global Secure Access; and
• Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP), or similar certifications