CapB InfoteK
Azure Security Specialist at Illinois Full time
CapB InfoteK, Illinois City, Illinois, United States, 61259
Roles and Responsibilities:
Demonstrate deep experience with securing mission critical cloud applications in Microsoft Azure
Orchestrate the security layer across custom developed and Commercial products deployed on Azure as an integrated solution
Demonstrate good understanding of Azure Compliance Blueprints, Compliance Dashboards
Create strategy to manage PCI/PII compliance controls through Azure Automation
Deliver security layer as code using Azure CLI, ARM templates, Shell Scripts and not just as Visio Diagrams
PaaS Security:
Drive the security architecture and implementation for APIs and Microservices deployed on Azure Kubernetes Services, Azure App Services, Logic Apps and Functions
Implement best practices for application secrets management using Azure Key Vault or HashiCorp Vault, with the ability to recommend one versus the other based on use cases
Container Security:
Demonstrate understanding of container security concepts, Kubernetes architecture, service to service communication
Design Ingress control and Kubernetes security policies with nginx, Azure Application Gateway
Data security:
Create blueprint for data security in transit and at rest including the ability to recommend Azure database offerings and storage services based on the security requirements
Demonstrate deep understanding of topics such as Data Exfiltration, Data Loss Prevention and Data Redaction
Network and Platform Security:
Design and implement the best practices as code using Azure CLI and/or ARM Templates for virtual network security, user defined routing and network security groups
Design isolation of applications, data and other PaaS services using Service Endpoints, ASE and other techniques
Identity Management:
Design identity management solutions with Azure AD, Azure AD B2C, Okta, Ping Identity and other modern identity solutions for internal users and customer identities
Integrate OAuth into applications, APIs, Microservices
Work with Azure Managed Service Identities for Application to Application or Application to Azure Services scenarios
Azure DevOps:
Ability to work with Azure DevOps Pipelines and Releases to deliver security-as-code in the CI/CD environment
Certifications:
AZ-500
Primary Skills:
Azure CLI and PowerShell
Container platforms and tools - Kubernetes, Docker, Azure Kubernetes Service, Azure Container Service
Azure Networking – Azure Virtual Networks, ExpressRoute, Site-to-Site VPN, NSG, App Service Environment
Azure PaaS Services Security and Provisioning – Azure API Management Policies, Azure App Service, Event Hubs, Service Bus, Cosmos DB, Azure SQL
Identity Management – Azure Managed Service Identities, Azure AD, Azure AD B2C, OpenID Connect
Cloud Security – Azure Key Vault, HSTS, SSL/TLS Ingress Control, Certificate management, Azure Security Center, Threat Detection, Container Security tools e.g. Twistlock
Cloud monitoring – Experience with Azure Sentinel, Azure Log Analytics, Azure Monitor, SysDig, Application Insights