Senior Cloud Security Consultant

You will be joining NVISO’s Cloud Security team as a Cloud Security (Sr.) Consultant. The ideal candidate has knowledge in Azure or Microsoft 365 cloud services, with a particular focus on security. We are aware that cloud security features and products are abundant; the following list apply to the ones of interest to us. If you have experience or feel capable of conducting only some of them (not the full list), please reach out! You tasks will include: You will be joining NVISO’s Cloud Security team as a Cloud Security (Sr.) Consultant. The ideal candidate has knowledge in Azure or Microsoft 365 cloud services, with a particular focus on security. We are aware that cloud security features and products are abundant; the following list apply to the ones of interest to us. If you have experience or feel capable of conducting only some of them (not the full list), please reach out! Strategy and Governance Assess cloud security posture against frameworks (e.g., CIS, NIST, ISO 27001) and Microsoft benchmarks (Azure Security Benchmark, M365 baseline). Define cloud security strategy, target operating model, and roadmap aligned to business and regulatory requirements. Develop and maintain cloud security policies, standards, and guardrails for Azure and M365. Identity and Access Management (IAM) Design and implement Microsoft Entra tenant architecture, including identity lifecycle, conditional access, and MFA. Implement and tune Conditional Access policies, risk-based access, and device compliance integrations with Intune/Endpoint Manager. Deploy and operate Privileged Access Management (PAM), including PIM for Azure and M365 roles, just-in-time access, and break-glass accounts. Integrate on-premises identities (hybrid) with secure synchronization and hardening of federation where used. Platform Security and Hardening (Azure) Build secure landing zones using Azure Policy, Blueprints/Bicep/Terraform, and management groups. Enforce baseline controls for networking (NSGs, Azure Firewall, Private Link), compute (secure images, patching), and storage (encryption, private endpoints). Configure Azure Key Vault for secrets, keys, and certificates management with RBAC and purge protection. Implement workload isolation, tagging, and resource locks; manage identity-based access (managed identities). Threat Protection and Monitoring Deploy and tune Microsoft Defender for Cloud, Defender for Cloud Apps (MCAS), Defender for Endpoint, and Defender for Identity. Configure Microsoft Sentinel: data connectors, analytics rules, UEBA, watchlists, workbooks, and SOAR playbooks (Logic Apps). Develop detection use cases, threat hunting queries (KQL), and incident response runbooks specific to Azure and M365 threats. Establish alert triage, escalation paths, and continuous tuning to reduce noise and improve mean time to detect/respond. Microsoft 365 Security Configure and manage Microsoft Purview (Compliance portal) for DLP, information protection labels, data lifecycle, and insider risk. Implement Exchange Online, SharePoint, OneDrive, and Teams security baselines, safe links/attachments, and anti-phishing policies. Enforce device compliance via Intune, app protection policies, and conditional access for BYOD and corporate devices. Secure collaboration and external sharing with sensitivity labels, access reviews, and entitlement management. Data Protection and Encryption Design data classification and labelling strategies with Microsoft Purview; enforce DLP across endpoints, Exchange, SharePoint, and Teams. Ensure encryption at rest and in transit, customer-managed keys (CMK), and double encryption where required. Implement eDiscovery, legal hold, and audit configurations for regulatory needs.