MS Azure IaaS/Defender

Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team.

Job Title: MS Azure IaaS/Defender

Location(s): Richmond, VA

Requirements:

• Experience in network engineering or IT security, with a focus on cloud environments, particularly Microsoft Azure IaaS.
• Proven experience implementing and managing network segmentation within Azure, including VNets, Subnets, NSGs, ASGs, and other Azure networking components.
• Hands-on experience with Microsoft Defender for Cloud, Microsoft Defender for Endpoint, and other Azure security tools.
• Strong understanding of cloud security best practices, including securing resources in IaaS environments and using tools to enhance security and monitoring.

1) Azure Network Segmentation Design & Implementation :

• Design, implement, and manage network segmentation strategies within Azure IaaS to improve security, performance, and compliance across cloud environments.
• Create and maintain Virtual Networks (VNets), Subnets, Network Security Groups (NSGs), and Application Security Groups (ASGs) to segment resources and isolate critical workloads in Azure.
• Work with other teams to design and implement network segmentation policies that adhere to security best practices and meet regulatory requirements.

2) Security Integration with MS Defender :

• Leverage Microsoft Defender for Cloud and Microsoft Defender for Endpoint to enforce and monitor security policies on segmented networks.
• Implement and configure security controls and alerts within MS Defender to identify, monitor, and mitigate vulnerabilities and threats within Azure environments.
• Develop and maintain security baseline configurations for Azure IaaS resources using MS Defender and Azure Security Center.
• Collaborate with security teams to integrate MS Defender with other security solutions and incident response workflows to improve cloud security posture.

3) Automation and Orchestration :

• Utilize automation tools such as Azure Resource Manager (ARM) templates, Ansible, or PowerShell to deploy and manage network segmentation and security configurations at scale.
• Develop and maintain scripts or automation workflows to enforce segmentation policies and integrate MS Defender for proactive monitoring and incident response.

4) Performance Monitoring and Optimization :

• Continuously monitor the performance and security of network segments within Azure using Azure Monitor, Microsoft Defender, and other cloud-native monitoring tools.
• Identify areas for optimization, security hardening, and potential bottlenecks in segmented network traffic.
• Work closely with cloud engineering and security teams to resolve network issues and improve overall network efficiency and protection.

5) Security & Compliance :

• Ensure all network segmentation designs meet industry-specific security standards and compliance requirements, including NIST, HIPAA, and GDPR.
• Collaborate with compliance teams to conduct regular security audits and risk assessments within Azure environments to maintain compliance.
• Implement micro-segmentation techniques within Azure to limit the blast radius of potential security incidents and reduce the attack surface.
• 6) Documentation & Reporting :
• Maintain accurate documentation for all network segmentation configurations, security policies, and procedures.
• Produce regular reports on network segmentation health, security postures, and MS Defender alerts to inform stakeholders and ensure continuous improvement.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veterans or individuals with disabilities.