Senior Cloud Security Engineer

1. Cloud Security Management

• Administer and manage cloud-native network security controls such as Azure Network Security Groups (NSGs), AWS Security Groups, and cloud firewall policies.
• Oversee secure network connectivity between cloud and on-premise environments, including VPN configurations, VNet peering, ExpressRoute, and Direct Connect.
• Ensure cloud network configurations adhere to best practices for traffic segmentation, least-privilege access, and encrypted communications.

2. Threat Detection & Response

• Investigate cloud-based and network-related security alerts using tools such as Microsoft Defender for Cloud, AWS GuardDuty, and Azure Sentinel.
• Ensure comprehensive log forwarding from cloud environments to central SIEM platforms (e.g. Splunk, Sentinel) to enable real-time threat correlation and effective incident response.

3. Access Control & Perimeter Security

• Support Zero Trust Architecture implementation through Just-in-Time (JIT) access, Privileged Identity Management (PIM), and conditional access policies.
• Implement network segmentation, micro-segmentation, and edge security measures using Web Application Firewalls (WAFs), DDoS protection, and Content Delivery Networks (CDNs).

4. Secure Remote Access & ZTNA Project Support

• Lead the evaluation, implementation, and operations of Zero Trust Network Access (ZTNA) and SASE solutions to deliver secure, policy-enforced remote access.
• Manage VPN gateway configurations across multiple platforms, including Azure, AWS, and hybrid infrastructures.

5. Microsoft 365 Security (M365 Project)

• Support the M365 rollout by implementing network and endpoint security controls across Exchange Online, SharePoint, OneDrive, and Microsoft Teams.
• Ensure secure access, Data Loss Prevention (DLP), and integration with Defender for Office 365, Microsoft Purview, and cloud app security tools.
• Collaborate with identity and endpoint teams to ensure secure hybrid deployments, focusing on identity protection, conditional access, and endpoint hardening.

6. Endpoint Security Controls

• Implement and monitor endpoint protection on cloud-hosted and hybrid workloads using tools such as Defender for Endpoint, CrowdStrike, or equivalent EDR/XDR solutions.
• Ensure all virtual machines and containers are onboarded to endpoint security platforms, with anti-malware, exploit protection, and device compliance policies enforced.
• Collaborate with infrastructure and operations teams to ensure patching and vulnerability remediation processes are consistently applied to cloud workloads.
• Maintain full visibility of cloud network activity through flow logs (e.g. NSG Flow Logs, VPC Flow Logs, Azure Monitor).
• Generate audit-ready reports aligned with regulatory and industry frameworks such as PCI DSS, BNM-RMiT, and MAS TRM.
• Continuously improve monitoring and detection use cases relevant to cloud network and endpoint activity.
• Provide expert security input during cloud adoption, migration, and hybrid cloud initiatives.
• Validate secure configuration and deployment of cloud components including transit gateways, NAT gateways, bastion hosts, and proxy servers.

9. Knowledge Sharing & Upskilling

• Stay current with evolving cloud security technologies and frameworks such as the Microsoft Cloud Adoption Framework (CAF) and AWS Well-Architected – Security Pillar.
• Mentor junior staff and contribute to the development of internal SOPs, incident playbooks, and operational runbooks.

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field.
• 7+ years of experience managing cloud network security and related cloud security operations.
• Experience implementing cloud security controls and frameworks (e.g., CIS, NIST, ISO 27001).
• Proven experience with Azure, AWS, or hybrid cloud environments with hands‑on work in cloud network security controls.
• Experience supporting Microsoft 365 security projects, especially related to secure network access and data protection.