Azure Cloud Security & Compliance Architect


Job Location:

Oeiras - Portugal

Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy
The job posting is outdated and position may be filled

Job Summary

Job Title: Azure Cloud Security & Compliance Architect

Location: Oeiras, Lisbon, Portugal

Work Regime: Full-time & Hybrid (3x office per week)



Overview / Summary:

We are looking for a Cloud Security & Compliance Architect to join our team in a project from the banking sector. As a senior member of the Cloud CoE, you will own the security and compliance strategy for our partners Microsoft Azure and Oracle Cloud Infrastructure (OCI) estates. You will translate the Azure & OCI Well-Architected Frameworks, the Azure Security Benchmark/Baseline, CIS Foundations Benchmark v2.0, NIST SP 800-190 container-security guidance and other industry standards into practical, automated controls, designing, building and continuously improving the secure landing zones that power our business-critical workloads.


Responsibilities and Tasks:
  • Propose and follow up with the various teams the necessary improvements to increase the Security Score in Defender;
  • Design secure multi-subscription / multi-tenant landing zones in Azure and OCI aligned to the five Well-Architected pillars (Security, Reliability, Performance Efficiency, Operational Excellence, Cost);
  • Drive container-security reference architectures (AKS, OKE, ACI, OCI Containers, Kubernetes on IaaS) that satisfy NIST SP 800-190 and NSA/CISA hardening guidance;
  • Map regulatory and internal requirements to the Azure Security Benchmark/Baseline, CIS Azure/OCI 2.0 controls, PCI DSS, ISO 27001 and SOC 2;
  • Build automated policy as code (Azure Policy, OCI Guardrails, Terraform Sentinel, OPA/Gatekeeper) to enforce guardrails and generate evidence for auditors;
  • Develop and maintain IaC modules (Bicep/Terraform/OCI Resource Manager) with integrated security controls, reusable across product teams;
  • Integrate static/dynamic IaC security scans (Azure Defender for Cloud, Oracle Guard, tfsec, Trivy, Dockle) and container image signing into the CI/CD pipeline (GitHub Actions/Azure DevOps/ArgoCD);
  • Configure Azure Security Center/Defender, Microsoft Sentinel and OCI Cloud Guard to detect, triage and respond to threats;
  • Establish KPIs/KRIs and real-time dashboards for cloud posture, vulnerability debt and compliance drift;
  • Act as a trusted advisor to engineering teams, running threat-model workshops, training on secure coding and championing a paved-road DevSecOps culture;
  • Evaluate emerging controls (Confidential Computing, SBOM, DICE-based attestation) and present recommendations to the Architecture Review Board.


Requirements

Mandatory Requirements:
  • Hands-on experience in improving the Security Score in Defender through configuring Microsoft Security tools (Microsoft Defender for Cloud CSPM/CWPP, Defender for Endpoint, Defender for Cloud Apps, Microsoft DLP, Microsoft for Identity);
  • 5+ years in infrastructure or security engineering, with 5+ years focused on public cloud (Azure and/or OCI);
  • Proven design and delivery of secure landing zones at scale, including micro-segmentation, identity & access boundary, logging pipeline, data-classification and encryption strategy;
  • Deep knowledge of Azure Well-Architected Framework, Azure Security Benchmark/Baseline, CIS Foundations Benchmark v2.0 (Azure & OCI), NIST SP 800-190, NIST CSF/800-53 and MITRE ATT&CK cloud tactics;
  • Hands-on mastery with Terraform/Bicep, Kubernetes security (RBAC, network policies, PodSecurity standards), container registry hardening and image-signing (Cosign/Notary v2);
  • Experience integrating cloud workloads with SIEM/SOAR platforms (Sentinel, Splunk, QRadar), EDR and CSPM tools (Wiz, Prisma Cloud, Microsoft Defender CSPM);
  • Scripting / coding proficiency (PowerShell, Python, Go or similar) for automation and custom control development;
  • Certifications: AZ-305 / AZ-500, OCI Architect Professional, CCSP or CISSP-ISSAP (or equivalent demonstrable expertise);
  • Preferably with Cloud Oracle knowledge;
  • Portuguese C1; English B1.


Complementary Requirements:
  • Experience with Confidential VMs/OCI Shielded Instances, Azure Arc/OCI Hybrid control plane and Zero Trust reference implementations;
  • Background in highly regulated sectors (financial services, life sciences, government);
  • Contributions to open-source security tools or benchmarks (CIS community, open-policy-agent policies, etc.).

Benefits

Important:
  • Our company does not sponsor work visas or work permits. All applicants must have the legal right to work in the country where the position is based.
  • Only candidates who meet the required qualifications and match the profile requested by our clients will be contacted.


#VisionaryFuture - Build the future, join our living ecosystem!



