Azure Cloud Security Architect

Overview

At Systems Planning and Analysis, Inc. (SPA), we tackle the most complex national security challenges with high-impact technical solutions. With over 50 years of proven expertise and a track record of consistent growth, we are recognized for driving innovation and delivering value to our government customers in the U.S. and beyond. An exceptionally talented and collaborative team powers our success, united in producing Results that Matter . When you join us, you'll find opportunities, meaningful challenges, and a shared commitment to mission success. Come work with the best and make a difference where it truly counts.

We seek a highly skilled Azure Cloud Security Architect to design and implement comprehensive security strategies for a complex Azure environment. This role will focus on ensuring the security, compliance, and scalability of cloud solutions aligned with Secure Cloud Computing Architecture (SCCA), Mission Landing Zone (MLZ), and Azure Landing Zone (ALZ) frameworks. The ideal candidate will also bring expertise in B2B and enterprise interconnectivity to enable secure collaboration with external partners, vendors, and customers. This position is critical for managing mission-critical and multi-tenant workloads while meeting regulatory and compliance requirements.

Why Join Us?

This is an opportunity to lead the security strategy for a cutting-edge cloud environment. You'll play a critical role in protecting mission-critical workloads and enabling secure collaboration. Join a team of forward-thinking professionals and advance your expertise in cloud security while solving complex challenges.

Responsibilities

Security Architecture Design

• Design secure cloud architectures incorporating zero trust, SCCA, and MLZ principles.
• Develop hub-and-spoke network architectures using Azure Firewall, VPN Gateway, ExpressRoute, and Network Security Groups (NSGs).
• Architect secure identity and access solutions using Azure AD, Privileged Identity Management (PIM), Key Vault, and Conditional Access Policies.

B2B and Enterprise Interconnectivity

• Implement secure B2B collaboration solutions using Azure AD B2B, Guest Access, and Conditional Access Policies.
• Architect identity federation across Azure AD tenants or with third-party identity providers to enable seamless partner integration.
• Design and manage hybrid connectivity using ExpressRoute, VPN Gateway, Azure Private Link, and Virtual WAN.
• Enable secure integration with third-party SaaS platforms and APIs using Azure API Management.

Regulatory Compliance

• Ensure solutions meet frameworks like NIST SP 800-53, CMMC, FedRAMP, and ISO 27001.
• Use Azure Policy and Blueprints to enforce compliance across subscriptions and workloads.
• Provide technical support during audits, ensuring compliance evidence is well-documented.

Threat Management

• Deploy and configure threat detection and response tools such as Azure Sentinel and Microsoft Defender for Cloud.
• Conduct threat modeling, vulnerability assessments, and penetration testing.
• Implement and optimize SIEM solutions and integrate them with monitoring tools like Log Analytics and Network Watcher.

Governance and Risk Management

• Establish governance frameworks, including role-based access control (RBAC), resource tagging, and least privilege access.
• Develop security baselines for Development, Production, and Sandbox environments.
• Collaborate with stakeholders to identify risks and design mitigating controls for interconnectivity and workloads.

Automation and Integration

• Build Infrastructure as Code (IaC) solutions using Terraform, ARM templates, or Bicep to automate compliance and security controls.
• Integrate security into DevOps pipelines, enabling secure software delivery (DevSecOps).
• Automate incident detection and remediation workflows to reduce response times.

Collaboration and Leadership

• Partner with cloud architects, DevOps teams, and cybersecurity professionals to implement secure, scalable solutions.
• Act as a technical leader, guiding teams to embed security best practices across the system development lifecycle (SDLC).
• Mentor junior engineers and architects, fostering a security-focused culture.

Qualifications

Required Qualifications:

Experience:

• 8+ years in cybersecurity roles, with 5+ years focused on Azure cloud security.
• Proven experience designing secure, multi-subscription Azure environments that integrate with external partners.

Technical Skills:

• Expertise in Azure services: Azure AD, Azure Firewall, Microsoft Defender for Cloud, Azure Sentinel, Key Vault, and Conditional Access Policies.
• Strong knowledge of B2B interconnectivity, including Azure AD B2B, Guest Access, and identity federation.
• Hands-on experience with hybrid connectivity using ExpressRoute, VPN Gateway, Private Link, and Azure Virtual WAN.
• Proficiency with Infrastructure as Code (IaC) tools, including Terraform, ARM templates, or Bicep.

Compliance Knowledge:

• Deep understanding of regulatory frameworks like NIST SP 800-53, CMMC, FedRAMP, ISO 27001, and DoD Impact Levels (IL2-IL6).
• Familiarity with governance tools such as Azure Policy and Blueprints.

Certifications:

• Microsoft Certified: Azure Security Engineer Associate (required).
• Additional certifications such as Azure Solutions Architect Expert, CISSP, or CCSP are preferred.

Soft Skills:

• Strong analytical and problem-solving skills.
• Excellent communication and collaboration skills, with the ability to work with diverse stakeholders.
• Leadership and mentoring capabilities to guide teams in adopting secure practices.

Desired Qualifications:

• Experience with Mission Landing Zone (MLZ) design and deployment.
• Knowledge of cross-domain solutions (CDS) and secure data transfer mechanisms.
• Expertise in secure DevOps (DevSecOps) and CI/CD pipeline integration.
• Experience with multi-cloud and inter-cloud security architectures.