Cloud Security Architect

Job Description

<p>We are looking for a <b>Cloud Security Architect </b>for a <b>4-month contract position, with possible extensions</b> in <b>Calgary, Alberta.</b> <b>Must be legally entitled to work in Canada. </b></p><p><br></p><p><b>This position is on-site in downtown Calgary, 40 hours per week. </b></p><p><br></p><p><b>Role Description</b></p><p>Our client is undertaking a strategic initiative to address architectural and operational limitations in its Azure cloud environment. The goal is to improve scalability, security, and governance through targeted assessments and redesigns. The project is structured around three key milestones:</p><p><br></p><p><b>Cloud Security Assessment (Primary Focus for This Role)</b></p><p>The Company has Microsoft Defender for Cloud and Sentinel available, but deployment is inconsistent. The immediate</p><p>priority is Defender for Cloud, which has the potential to significantly improve threat protection and compliance.</p><p>Sentinel will be evaluated further with stakeholders. Key Contributions Expected:</p><ul><li>Define a consistent framework for Defender for Cloud.</li><li>Align security posture with regulatory standards and governance goals.</li><li>Support secure workload expansion and collaboration between security and operations.</li><li>Provide recommendation for Sentinel improvements.</li></ul><p><br></p><p><b>Cloud Networking Enhancement (Secondary Input Area)</b></p><p>Current network architecture exposes critical resources via public endpoints and lacks cohesive design across</p><p>DNS, NSGs, firewalls, and ExpressRoute. Input May Include:</p><ul><li>Recommendations for securing resources with private endpoints.</li><li>Guidance on strategic IP and DNS design to support automation and performance.</li></ul><p><br></p><p><b>Landing Zone Assessment (Secondary Input Area)</b></p><p>Existing landing zones limit scalability and clarity. Planning is needed to support AI and Data workloads and</p><p>standardize governance across subscriptions. Input May Include:</p><ul><li>Support in defining governance frameworks and subscription strategies.</li><li>Collaboration on scalable landing zone design aligned with security best practices.</li></ul><p><br></p><p><b>Responsibilities</b></p><ul><li>Assess readiness and define criteria for adopting Defender for Cloud alongside Sentinel to enhance threat detection and response capabilities.</li><li>Develop a strategic roadmap to elevate security configurations and align with best practices.</li></ul><p><br></p><p><b>Required Skills and Experience</b></p><ul><li><b>7-10+ years of working with Cloud Security, Identity Management solutions and Cloud Infrastructure</b></li><li>Microsoft Defender for Cloud expertise</li><li>Hands-on experience configuring, deploying, and managing Defender for Cloud across hybrid environments.</li><li>Familiarity with threat detection, vulnerability management, and compliance features.</li><li>Azure Security Best Practices</li><li>Deep understanding of Azure security controls, including RBAC, policies, and secure workload design.</li><li>Experience aligning cloud security with regulatory and governance frameworks.</li><li>Security Operations & Monitoring</li><li>Experience with centralized monitoring, incident response, and integration with SIEM tools.</li><li>Ability to assess and improve security posture using Azure-native tools.</li><li>Cloud Architecture Awareness</li><li>Ability to collaborate with architects and infrastructure teams to ensure security is embedded in design decisions.</li><li>Ability to explain complex systems to stakeholders and project team members in a very simple format for understanding.</li><li>Comfortable working with cross-functional teams, including business, operations and IT Architecture.</li><li>Skilled in translating technical risks into business-relevant language.</li><li>Microsoft Defender for Cloud for Azure Services (eg: VM's Storage, SQL, Containers, etc)</li><li>Policy configuration, threat detection, vulnerability management, and compliance integration.</li><li>Azure Security Center & Sentinel</li><li>Experience with SIEM integration, incident response workflows, and log analytics.</li><li>Azure Role-Based Access Control (RBAC) and Policy Management</li><li>Designing and enforcing least-privilege access and governance controls.</li><li>DevSecOps</li><li>Integrate Security best practices throughout the SDLC and CI/CD pipelines using Infrastructure as Code and Policy as Code.</li><li>Security Monitoring & Incident Response</li><li>Familiarity with alerts, playbooks, and centralized monitoring strategies.</li><li>Regulatory Compliance Alignment</li><li>Understanding standards like ISO 27001, NIST, CIS benchmarks, and audit readiness</li></ul><p><br></p><p><b>Desired Skills and Experience </b></p><ul><li>Microsoft Sentinel knowledge</li><li>Experience with Sentinel setup, use cases, and integration with Defender for Cloud.</li><li>Cloud Networking Fundamentals</li><li>Understanding Azure networking components (NSGs, firewalls, ExpressRoute, DNS).</li><li>Familiarity with private endpoints and zero-trust architecture.</li><li>Landing Zone Design Experience</li><li>Exposure to Azure Landing Zone frameworks and subscription/management group strategies.</li><li>Ability to advise on governance and policy standardization.</li><li>Automation & Infrastructure as Code (IaC)</li><li>Experience with tools like Bicep, Terraform, or ARM templates for deploying security configurations.</li><li>Audit & Compliance Alignment</li><li>Knowledge of audit readiness practices and compliance standards (e.g., ISO, NIST, CIS benchmarks).</li><li>Private Endpoint Configuration</li><li>Securing services like Key Vault, Data Lake, and Databricks.</li><li>Azure Networking Fundamentals</li><li>NSGs, firewalls, ExpressRoute, DNS, and IP planning.</li><li>Landing Zone Design Principles</li><li>Subscription strategy, management groups, and governance frameworks.</li><li>Infrastructure as Code (IaC)</li><li>Experience with Bicep, Terraform, or ARM templates for security automation.</li><li>Security Operations Collaboration</li><li>Ability to work with SOC teams and integrate security into DevOps workflows.</li></ul><p><br></p><p><br></p><p>Please note that while all applications are appreciated, <b>only candidates selected for interview will be contacted.</b></p><p><br></p><p><b>InSync Systems Inc.</b> is a privately-owned boutique Canadian Resourcing and Consulting Services Company that works closely with a range of corporate clients across multiple industries to bring them solutions that effectively address their business needs.</p>