Kavi Global - Azure Infrastructure Engineer - Cloud Security Alliance

Job Description

Description

Job Summary :

We are looking for an Azure Infrastructure Engineer with 35 years of experience who understands cloud architecture and security best practices aligned with the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).

The candidate will be responsible for designing, implementing, and managing secure and scalable infrastructure on Microsoft Azure, ensuring compliance with CSA security principles and regulatory standards.

Key Responsibilities

• Design and deploy Azure infrastructure with a security-first mindset, aligned with CSA CCM and Azure Well-Architected Framework.
• Implement identity and access controls (RBAC, Azure AD, MFA, Conditional Access) as per CSA IAM domain.
• Ensure data protection using Azure encryption capabilities (at-rest, in-transit, and in-use).
• Deploy network security architectures (NSGs, Azure Firewall, Private Link, ExpressRoute) compliant with CSA and NIST guidelines.
• Enable security monitoring and incident response with Azure Defender, Sentinel, and Security Center.
• Map and document infrastructure against CSA CCM controls.
• Ensure infrastructure is compliant with CIS Benchmarks, ISO 27001, and CSA STAR guidelines.
• Automate infrastructure provisioning with ARM templates, Bicep, or Terraform, integrating security guardrails.
• Perform periodic vulnerability assessments and remediation aligned with CSA guidelines.
  
  

• 35 years of experience in Azure cloud infrastructure.
• Strong hands-on experience in Azure IaaS (VMs, VNETs, Storage, Load Balancers, etc.
• In-depth knowledge of Azure security tools (Azure Security Center, Defender for Cloud, Sentinel).
• Familiarity with Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) and CAIQ.
• Strong understanding of identity and access management principles.
• Proficient in scripting (PowerShell, Azure CLI) and IaC (ARM/Bicep/Terraform).
• Experience working in regulated industries (e.g., healthcare, finance) is a plus.
  
  

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Microsoft Certified: Azure Solutions Architect Expert
• CSA CCSK (Certificate of Cloud Security Knowledge) or CCSP
  
  

• Excellent documentation and communication skills.
• Ability to translate compliance requirements into technical controls.
• Strong collaboration skills with security, operations, and compliance teams