Devoteam Cyber Trust | Lead Cloud Security Consultant — Microsoft Focus
Job Summary
We're building a new Cloud Security Practice that delivers outcome-driven security engagements across Microsoft Azure, Microsoft 365, Google Cloud, AWS and partner CNAPP platforms.
We're hiring a Lead Cloud Security Consultant (Microsoft Focus) as a hands-on cyber security expert. You'll help design how we deliver engagements, execute them in the consoles, and build the reusable assets the practice will scale on.
This is a cyber-first role with Microsoft as the primary stack. Microsoft Sentinel, Defender XDR, Defender for Cloud and Entra ID are the core of the work, but you should be comfortable operating in broader cloud security contexts (multi-cloud posture, CNAPP findings, exposure reduction) when engagements call for it. You don't need to be a pure infrastructure engineer, but you should understand cloud environments well enough to identify security gaps, implement controls and help customers improve their posture.
What you'll do
Deliver cloud security engagements end-to-end with a Microsoft focus: Sentinel deployments, Defender XDR rollouts, Defender for Cloud implementations, detection engineering, threat hunting, incident response support, posture assessments, Azure security reviews, identity security improvements, cloud hardening.
Write KQL, tune analytics rules, build connectors, configure Defender XDR policies and walk customers through what their telemetry, posture, exposure and risks mean.
Assess and improve security controls across Sentinel, Defender XDR, Defender for Cloud, Entra ID, Azure workloads, logging/monitoring and privileged access.
Translate cyber security requirements into practical configurations, remediation actions, detection use cases and operational improvements.
Support multi-cloud engagements (Google Cloud, AWS) and CNAPP-related work where the customer needs posture improvement, exposure reduction or detection coverage.
Run customer-facing workshops and build the reusable assets the practice will scale on: playbooks, deliverable templates, KQL libraries, detection rule packs, configuration baselines, hardening guides, remediation roadmaps.
Qualifications:
Microsoft Sentinel:
Deployed or supported Sentinel in production for at least one enterprise customer.
Writes KQL from scratch for analytics rules, hunting queries, investigations and workbooks.
Has built, tuned or maintained analytics rules, scheduled queries, hunting queries or incident workflows.
Has worked with data connectors including Microsoft and non-Microsoft sources.
Has experience with automation rules, Logic Apps playbooks or response workflows.
Understands alert fatigue and has experience improving signal-to-noise in a SOC or monitoring environment.
Defender XDR (cross-pillar):
Configured and operated Defender for Endpoint, Identity, Office 365 and Cloud Apps.
Investigated incidents spanning multiple pillars using the unified incident model.
Comfortable with advanced hunting across the Defender XDR schema.
Understands how Defender XDR and Sentinel complement each other in detection and response.
Azure and cloud security:
Solid Azure security understanding from a cyber perspective, not just infrastructure.
Has delivered Azure security assessments, posture improvement, hardening or secure configuration reviews.
Hands-on with Microsoft Defender for Cloud: recommendations, regulatory compliance, workload protection, posture management.
Understands subscriptions/management groups, Azure Policy, RBAC, logging/monitoring, network exposure and workload protection.
Comfortable working in broader cloud security contexts: posture management, workload protection, misconfiguration review, exposure reduction.
Identity and access:
Strong Microsoft Entra ID security: MFA, Conditional Access, Identity Protection, access reviews, enterprise applications, service principals.
Familiarity with PIM, RBAC, least privilege, break-glass accounts, access governance.
Understands identity as a core cloud security control.
Cloud security and CNAPP awareness:
Understands CSPM, CWPP, attack paths, misconfiguration abuse and cloud-specific attack patterns.
Familiar with CNAPP concepts and tools.
Can turn cloud security findings into practical remediation plans for security, cloud and engineering teams.
Delivery experience:
5 years cybersecurity experience, including relevant experience with the Microsoft security stack in a delivery consulting, cloud security, detection engineering or senior SOC role.
Experience delivering client-facing cyber security work, including assessments, implementations, workshops, remediation planning or technical documentation.
Able to produce clear technical deliverables: assessment reports, implementation plans, remediation roadmaps, configuration baselines, runbooks and executive-level summaries.
Portuguese and English.
Nice to have
Microsoft Purview: DLP, information protection, insider risk.
Google Cloud or AWS security background.
Exposure to Wiz or another CNAPP platform.
Experience with Infrastructure-as-Code security, ideally Terraform, Bicep, ARM templates or CI/CD security reviews.
Experience with DevSecOps, secure cloud deployment patterns or security guardrails.
Knowledge of Microsoft Cloud Security Benchmark, CIS Benchmarks, NIST, ISO 27001, MITRE ATT&CK or cloud security reference architectures.
Experience building reusable consulting assets such as KQL packs, Sentinel deployment kits, Defender configuration guides, cloud security baselines, assessment methodologies or remediation playbooks.
Certifications
Strongly valued: SC-100.
Also valued: SC-200, AZ-500, SC-300, SC-400, CISSP, CCSP, Google Cloud Professional Cloud Security Engineer, AWS Security Specialty.
Real operational and delivery experience matters more than certification recall.
Working style
Hands-on by default: in consoles weekly.
Cyber-first mindset: you look at Azure, Microsoft 365, identity, endpoints, SaaS and cloud workloads through risk, threat, control effectiveness and operational security.
Microsoft-focused, cloud-aware: Microsoft is your strongest stack, but you can operate in multi-cloud conversations and broader cloud security engagements.
Delivery-focused: you can assess, implement, document and hand over.
Iterative: you'd rather ship a working v1 in two weeks than a perfect v1 in four months.
Plain-language translator: you explain a detection, a risky identity configuration, a Defender recommendation or a CNAPP finding to a SOC analyst and a CFO using different words and the same accuracy.
Builder: you leave behind reusable assets, not just closed tickets.
Pragmatic: you know the difference between an ideal target state and a workable next step for a real customer environment.
Additional Information:
Devoteam Group works for equal opportunities, promoting its employees based on merit, and actively fights against all forms of discrimination. We are convinced that diversity contributes to the creativity, dynamism and excellence of our organization. All of our vacancies are open to people with disabilities.
Remote Work:
No
Employment Type:
Full-time
About Company
Devoteam is an AI-driven tech consulting firm specialised in cloud platforms, cyber, data, and sustainability. Tech native for almost 30 years, Devoteam guides businesses through sustainable digital transformation to deliver value. With over 11,000 tech architects in more than 25 co ...