Azure/M365 Cloud Security Architect
Full-time
United States – Must Work East Coast Hours
Up to 10% Travel
Primary Purpose and Goal of Role
Our company is seeking an experienced Azure/M365 Cybersecurity Architect who can provide technical guidance on designing and implementing secure enterprise solutions within the cloud. The ideal candidate will work closely with multidisciplinary teams and be responsible for ensuring the security of our organization's systems, applications, and data.
Responsibilities
- Develop and maintain a comprehensive cybersecurity architecture, with an emphasis on enterprise-level cloud security practices, including network security, web application security, data protection, and identity and access management
- Collaborate with cross-functional teams to understand business needs and translate them into technical security requirements, focusing on industry-standard frameworks such as NIST Cybersecurity Framework, ISO 27001/2, OWASP Top 10, CIS, FedRAMP, etc.
- Conduct security assessments to identify potential threats and vulnerabilities, and develop strategies to mitigate them, utilizing industry-standard tools such as vulnerability scanners, penetration testing frameworks, and SIEM platforms
- Communicate risk to technical and non-technical audiences, including C-suite executives, leveraging risk frameworks such as STRIDE and/or DREAD
- Develop and maintain security policies and procedures, aligned with industry standards and enterprise architecture principles, and enforce compliance through regular audits and assessments
- Design and implement secure enterprise solutions, utilizing industry-standard security technologies and practices, such as secure coding practices (i.e. DevSecOps), encryption, network segmentation, and endpoint protection
- Monitor and analyze security events and incidents, and provide guidance and support to incident response teams, leveraging incident response frameworks such as NIST SP 800-61r2
- Stay up-to-date with the latest security trends and developments, and evaluate new security technologies and practices for adoption, including cloud security and zero trust architectures
Requirements
- Bachelor's degree in computer science, information technology, or a related field, with a focus on cybersecurity and enterprise architecture
- Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Certified Cloud Security Professional (CCSP) are preferred
- Cloud security certifications such as CCSP, AZ-500, MS-500, or SC-100, or demonstrated equivalent experience
- Web Application Security/Pen testing certifications such as SANS GWAPT, CEH, GPEN, or OSCP, or demonstrated equivalent experience
- Minimum 5-10 years of experience in cybersecurity architecture, with a strong emphasis on enterprise-level security practices, and experience with enterprise architecture frameworks such as TOGAF and SABSA
- Expertise in industry-standard security frameworks such as NIST Cybersecurity Framework and ISO 27001/2, as well as compliance frameworks such as HIPAA, PCI, and GDPR
- Experience with security risk assessments, vulnerability management, and incident response, leveraging industry-standard frameworks and methodologies such as FAIR and NIST SP 800-61r2
- Strong analytical and problem-solving skills, with the ability to translate business requirements into technical security solutions
- Excellent communication and collaboration skills, with the ability to interface with both technical and non-technical stakeholders
Quzara LLC is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring based on sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.