We're looking for an Azure specialist who loves building reliable cloud platforms
and
hardening them. You'll own day-to-day Azure engineering (networking, identity, storage, compute) while leading security-by-design practices across our tenants, subscriptions, and apps.
Requirement:
Architect and implement secure Azure landing zones (Hub/Spoke, subscriptions, RBAC, management groups).
Stand up and harden core services: VNets, private endpoints, NSGs/ASGs, Azure Firewall/WAF, Application Gateway, API Management, Bastion, AKS, App Services, Functions, Storage, SQL.
Implement encryption/key management using Key Vault/Managed HSM; configure backup/DR with Azure Backup & Site Recovery.
Identity & Access Administer
Microsoft Entra ID (Azure AD): Conditional Access, MFA, SSPR, PIM, app registrations, service principals, SCIM/SSO.
Define least-privilege RBAC, custom roles, and access review processes.
Security Engineering
Deploy and tune
Microsoft Defender for Cloud
and
Defender for Cloud Apps
; enable recommendations, just-in-time access, and vulnerability assessments.
Implement
Microsoft Sentinel
: data connectors, analytics rules, UEBA, hunting queries (KQL), playbooks/automation (Logic Apps).
Secure containers and Kubernetes (AKS) with Defender for Containers, image scanning, pod security, and network policies.
Protect web apps & APIs with WAF policies, DDoS Protection, and secret rotation.
Governance & Compliance
Enforce baseline controls via
Azure Policy
, Initiative/Blueprints, and regulatory mappings (CIS, NIST, ISO 27001, SOC 2).
Build security guardrails and golden images; manage change via pull requests and approvals.
Observability & Incident
Response Centralize logs with Log Analytics/Diagnostic Settings; write KQL queries and dashboards.
Develop runbooks/playbooks for alert triage, incident containment, and post-incident review.
Automation and IaC
Use Bicep/Terraform to provision infrastructure; standardize modules and pipelines.
Integrate DevSecOps in Azure DevOps/GitHub Actions: SAST/DAST/secret scanning, policy checks, artifact signing.
Collaboration
Partner with app teams to threat-model designs, review architectures, and enable secure release patterns.
Mentor engineers; document patterns and How-To guides.
What you'll bring
4+ years building on
Microsoft Azure
in production environments (or equivalent depth).
Hands-on with several of: VNets/peering, private link, App Gateway/WAF, Azure Firewall, AKS, App Services, Storage, SQL/MI, Key Vault, API Management.
Strong
security
skills: Entra ID, Conditional Access/MFA, RBAC/PIM, Azure Policy, Defender for Cloud, Sentinel (KQL), vulnerability management, key management.
Proficiency with
IaC
(Terraform or Bicep) and CI/CD (Azure DevOps or GitHub Actions).
Solid grasp of Zero Trust, least privilege, segmentation, encryption at rest/in transit.
Scripting skills (PowerShell or Python) for automation.
Clear communication and the ability to influence good security practices.
Job Type: Full-time
Pay: ₹899,077.27 - ₹1,558,625.03 per year
Benefits:
Flexible schedule
Paid sick time
Paid time off
Provident Fund
Work from home
Ability to commute/relocate:
Gurugram, Haryana: Reliably commute or planning to relocate before starting work (Required)
Experience:
Cloud Engineer : 4 years (Required)
License/Certification: