Cloud Application Security (AWS and Azure)

About the role

The Cloud Security role will be responsible for providing detailed assessment for key cloud security. Create Architectural and design documents, implementation of Cloud Security Configuration Remediation Plan, configuration and operationalization of Azure Security tools, and Azure-Security Operations Center (SOC) integration and operationalization. This workstream shall include the following activities:

  • Lead Cloud Security Design workshops to provide Azure Security expertise and recommendations in the following areas (specific to Cloud Security):
      • Reference Architecture
      • Network Topology and Network Data Flows
      • Encryption Strategy
      • Role-Based Access Control (RBAC) Strategy
      • Minimum Security Standards
        • Network
        • Data Storage
        • Encryption
        • Server Hardening
        • Database Hardening
        • Prod/Dev Separation
      • Least-Privilege Access Model

    Lead the testing and implementation of required security configuration updates within. The Cloud Security Configuration Remediation Plan is expected to provide recommendations covering:
  • Security configuration gaps as identified by internal audit
  • Gaps identified as non-compliant with Azure Minimum Security Standards
  • Configuration and operationalization of Azure Security Center and Azure Security Configuration Auditing
  • Azure-Security Operations Center (SOC) Integration and Operationalization, including:
  • Integration and operationalization of Azure workloads with the Threat & Vulnerability Management Program
  • Integration and operationalization of Azure Network Security Groups (NSG) with Risk Management, the Network Security service, and/or Network Infrastructure, as appropriate
  • Integration of the Azure Security Center data source with Splunk
  • Development of five (5) Splunk use cases which leverage Azure Security Center data
  • Enhancement of existing and/or development of new Incident Response processes to operationalize in-scope Azure Security use cases

  • Qualifications

    Skills Required:
    • Azure Active Directory including Synchronization and Active Directory Federation Services (ADFS)
    • Azure Tennant and Subscription Management
    • Microsoft Azure and Office 365
    • Splunk, Cisco, Palo Alto
    • PKI Design and Implementation
    • Cloud Application Security (CAS)
      • Implementation (install) and configuration, validation testing,
      • Policy compliance based on pre-defined Microsoft Templates, configuration, and reporting Splunk Integration
      • Event hub for Splunk Integration (SIEM)_
      • Azure Application Alerts
      • Azure permissions (including out of box roles (e.g. contributor) and RBAC permissions
      • Application integration with CAS
      • Troubleshooting and support
      • Data security and privacy
    • Identity Access and Management
    • Technical documentation (i.e. design, operational runbook)
    • Windows Server Operating Systems Administration (2012 R2 and higher)

    Non-Technical Skills:
    • Requirement gathering and assessment
    • Exception verbal and written communications to key stakeholders, technical and non-technical.
    • Familiar with Microsoft Project

    • Advanced Threat Analytics (ATA)

    Recommended Certifications:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Information Security Manager (CISM)
    • Certified Cloud Security Professional (CCSP)

    Requisition ID - 56038

    Avanade is the leading provider of innovative digital and cloud-enabling services, business solutions and design-led experiences, delivered through the power of people and the Microsoft ecosystem. Majority owned by Accenture, Avanade was founded in 2000 by Accenture LLP and Microsoft Corporation and has 30,000 professionals in 24 countries. Visit us at

    Back to top