As Security Architecture & Engineering Lead (Cloud Focus), you will be the hands-on technical authority designing, implementing, and continuously evolving the cloud security architecture that protects billions in digital assets and ensures regulatory compliance. This is a deeply architectural and engineering role — 80-90% hands-on design, configuration, automation, and validation — where you will own the end-to-end security posture of the Azure estate while bridging it to blockchain-specific threats (key exposure, on-chain anomalies, bridge exploits, governance attacks). You will lead threat modeling, zero-trust controls, secure-by-design cloud patterns, incident response engineering, and coordination with the managed SOC partner.
Requirements:
8–15+ years in cloud security architecture & engineering, with 6+ years deep hands-on with Microsoft Azure (security specialization).
Expert-level proficiency in Azure security stack: Entra ID (Conditional Access, PIM, RBAC), Key Vault Managed HSM (FIPS 140-2 Level 3), Defender for Cloud/Sentinel (KQL analytics, playbooks), Azure Firewall/NSGs, Private Link, DDoS Protection, and Azure Policy-as-Code.
Proven hands-on experience leading incident response in Azure environments — including containment, forensics, coordination with external SOC providers, and regulatory reporting.
Strong understanding of zero-trust architecture, workload identity federation (OIDC), secrets management, network micro-segmentation, and cloud-native DevSecOps.
Experience correlating cloud logs/alerts with blockchain-specific threats (on-chain anomalies, wallet activity, bridge exploits).
Deep knowledge of UAE regulatory frameworks: CBUAE, ADGM FSRA.
Experience integrating cloud SIEM with blockchain threat intelligence.
Excellent scripting & automation skills (Terraform IaC, PowerShell, Azure CLI, Bicep/ARM, KQL).
Responsibilities:
Hands-on Azure Security Implementation & Hardening:
Design, deploy, and maintain zero-trust controls across Azure: Entra ID Conditional Access, Private Link for all PaaS (Key Vault, Cosmos DB, Blob), Azure Firewall + NSGs (deny-by-default), DDoS Protection Standard, and workload identity federation (OIDC).
Manage Microsoft Sentinel as central SIEM: ingest Azure logs, Defender alerts, on-chain events (via custom connectors), and endpoint telemetry; build and maintain custom analytics rules for cloud + blockchain threats (e.g., anomalous Key Vault access, large unauthorized transfers, admin console abuse).
Implement and manage Azure Key Vault Managed HSM (FIPS 140-2 Level 3) for non-exportable keys, transaction signing, MPC roots — including private endpoints, rotation policies, and purge protection.
Perform hands-on network micro-segmentation, CSPM remediation, and secrets scanning across AKS, VMs, and storage accounts.
Perform quarterly Azure security assessments, configuration reviews, and regulatory mapping.
Infrastructure as Code (IaC) automation for Terraform.
Advise the Infrastructure team on Cloudflare security (DDoS and bot protection).
Implement any security tools necessary for operations.
Incident Detection, Response & SOC Coordination:
Act as primary hands-on responder for detected incidents: investigate alerts, contain threats (isolate resources, rotate keys, pause workloads), and coordinate with managed SOC analysts (24/7 escalation path).
Develop, maintain, and execute Azure-specific incident playbooks (e.g., Key Vault compromise, suspicious IAM activity, data exfiltration, DDoS).
Lead real-time containment during high-severity events (P1/P2).
Advise the SOC team on regularly tuning detection rules, reducing false positives, and validating the SOC partner’s performance through joint drills.
Correlate cloud alerts (e.g., Defender for Endpoint, Sentinel) with on-chain signals (large transfers, privileged calls, oracle manipulation) for hybrid threat detection.