Azure Cloud Security Architect Job Listing at SPA in Alexandria, VA (Job ID 2025-19588)

Description

Qualifications

Required Qualifications:

Experience:

• 8+ years in cybersecurity roles, with 5+ years focused on Azure cloud security.
• Proven experience designing secure, multi-subscription Azure environments that integrate with external partners.

Technical Skills:

• Expertise in Azure services: Azure AD, Azure Firewall, Microsoft Defender for Cloud, Azure Sentinel, Key Vault, and Conditional Access Policies.
• Strong knowledge of B2B interconnectivity, including Azure AD B2B, Guest Access, and identity federation.
• Hands-on experience with hybrid connectivity using ExpressRoute, VPN Gateway, Private Link, and Azure Virtual WAN.
• Proficiency with Infrastructure as Code (IaC) tools, including Terraform, ARM templates, or Bicep.

Compliance Knowledge:

• Deep understanding of regulatory frameworks like NIST SP 800-53, CMMC, FedRAMP, ISO 27001, and DoD Impact Levels (IL2-IL6).
• Familiarity with governance tools such as Azure Policy and Blueprints.

Certifications:

• Microsoft Certified: Azure Security Engineer Associate (required).
• Additional certifications such as Azure Solutions Architect Expert, CISSP, or CCSP are preferred.

Soft Skills:

• Strong analytical and problem-solving skills.
• Excellent communication and collaboration skills, with the ability to work with diverse stakeholders.
• Leadership and mentoring capabilities to guide teams in adopting secure practices.

Desired Qualifications: 

• Experience with Mission Landing Zone (MLZ) design and deployment.
• Knowledge of cross-domain solutions (CDS) and secure data transfer mechanisms.
• Expertise in secure DevOps (DevSecOps) and CI/CD pipeline integration.
• Experience with multi-cloud and inter-cloud security architectures.

1. Security Architecture Design

• Design secure cloud architectures incorporating zero trust, SCCA, and MLZ principles.
• Develop hub-and-spoke network architectures using Azure Firewall, VPN Gateway, ExpressRoute, and Network Security Groups (NSGs).
• Architect secure identity and access solutions using Azure AD, Privileged Identity Management (PIM), Key Vault, and Conditional Access Policies.

1. B2B and Enterprise Interconnectivity

• Implement secure B2B collaboration solutions using Azure AD B2B, Guest Access, and Conditional Access Policies.
• Architect identity federation across Azure AD tenants or with third-party identity providers to enable seamless partner integration.
• Design and manage hybrid connectivity using ExpressRoute, VPN Gateway, Azure Private Link, and Virtual WAN.
• Enable secure integration with third-party SaaS platforms and APIs using Azure API Management.

1. Regulatory Compliance

• Ensure solutions meet frameworks like NIST SP 800-53, CMMC, FedRAMP, and ISO 27001.
• Use Azure Policy and Blueprints to enforce compliance across subscriptions and workloads.
• Provide technical support during audits, ensuring compliance evidence is well-documented.

1. Threat Management

• Deploy and configure threat detection and response tools such as Azure Sentinel and Microsoft Defender for Cloud.
• Conduct threat modeling, vulnerability assessments, and penetration testing.
• Implement and optimize SIEM solutions and integrate them with monitoring tools like Log Analytics and Network Watcher.

1. Governance and Risk Management

• Establish governance frameworks, including role-based access control (RBAC), resource tagging, and least privilege access.
• Develop security baselines for Development, Production, and Sandbox environments.
• Collaborate with stakeholders to identify risks and design mitigating controls for interconnectivity and workloads.

1. Automation and Integration

• Build Infrastructure as Code (IaC) solutions using Terraform, ARM templates, or Bicep to automate compliance and security controls.
• Integrate security into DevOps pipelines, enabling secure software delivery (DevSecOps).
• Automate incident detection and remediation workflows to reduce response times.

1. Collaboration and Leadership

• Partner with cloud architects, DevOps teams, and cybersecurity professionals to implement secure, scalable solutions.
• Act as a technical leader, guiding teams to embed security best practices across the system development lifecycle (SDLC).
• Mentor junior engineers and architects, fostering a security-focused culture.