Cloud platform architecture & landing zones
- Design Enterprise-Scale Azure Landing Zones per CAF (management groups, subscription strategy, naming/tagging).
- Engineer guardrails using Azure Policy/initiatives and automate subscription vending with Bicep/Terraform.
Data protection & key management
- Enforce encryption by default; apply CMK for PaaS; govern secrets/certificates with Azure Key Vault.
- Adopt Microsoft Purview-aligned protection patterns and define DR/backup guardrails for critical data services.
Container & platform hardening
- Define AKS standards (policy for Kubernetes, RBAC, network policies, ACR signing/scanning gates).
- Secure PaaS (App Service, Functions, Storage, SQL, Cosmos DB) with least privilege and network isolation.
Identity & privileged access (Microsoft Entra)
- Establish Conditional Access baselines, authentication strengths, workload identities, and B2B collaboration.
- Implement PIM (just-in-time), RBAC/ABAC models, break-glass design, and access reviews.
Network & perimeter security
- Architect hub-and-spoke or Virtual WAN with zero-trust segmentation.
- Implement Private Link/Endpoints, Azure Firewall/WAF, DDoS Protection, and NSG/ASG/egress controls.
Posture & compliance (build-time/runtime)
- Own Defender for Cloud CSPM enablement and risk-based remediation (agentless assessments, vuln management).
- Map controls to CIS Azure, Microsoft Cloud Security Benchmark, and NIST CSF 2.0; run exceptions/RA processes.
DevSecOps guardrails & automation
- Integrate security in CI/CD: IaC policy checks, code-to-cloud mapping, and signed artifacts.
- Automate platform changes with Bicep/Terraform, GitOps, and change approvals; publish reusable modules.
Collaboration & handover
- Lead multidisciplinary teams, coach consultants, and communicate design trade-offs to senior stakeholders.
Impact you'll make in the first months
- Accelerate secure landing zone rollout with automated subscription vending and policy packages.
- Reduce standing privileges via PIM and staged Conditional Access baselines.
- Improve secure score through prioritized CSPM remediation and IaC-enforced guardrails.
Qualifications:
- 7-12 years in cyber/cloud security with 3 years leading Azure platform security architecture and hardening.
- Hands-on depth in Entra ID (CA, PIM), Azure Policy, Bicep/Terraform, Key Vault, network security, and Defender for Cloud (CSPM).
- Ability to map designs to CAF/Enterprise-Scale, Well-Architected (Security), CIS Azure, and NIST CSF 2.0.
- Consulting skills: stakeholder management, clear storytelling, and delivery leadership.
- Typical certifications: SC-100, AZ-500, SC-300.
Additional information:
- Salary between EUR 5100 and EUR 6500
- 30 vacation days (based on full-time employment) with the option to buy additional days or sell your vacation days.
- A lease car, NS business card, or a mobility allowance.
- A flexible pension scheme with no mandatory personal contribution.
- A wide range of training and educational programs to support your professional and personal development.
- Focus on vitality! Work out at the office in Amstelveen or get a discount at a gym near you, plus access to coaching, health and wellness programs.
- Together is one of our core values. You can expect various social activities such as team outings, drinks, and events with your colleagues.
Remote Work:
No
Employment Type:
Full-time