This job post was edited by AI for improved readability.

Service Description

Our client plays a major role in the Belgian and European energy landscape, building sustainable, green and reliable energy infrastructure. The company is seeking freelancers to work remotely and locally on various national and international projects.

The company is seeking an experienced Azure Cloud Architect with security expertise to join their Engineering chapter team. In this hybrid role, you will be responsible for designing, implementing and securing cloud infrastructure solutions with a strong focus on integrating security throughout the development, deployment, and operations lifecycle in the Consumer Centricity organization. You will work closely with cross-functional teams to deliver secure, scalable, and highly available cloud native solutions, while ensuring that security is a primary consideration throughout the software development lifecycle.

The service consists of the following tasks:

• Cloud Architecture: Design and implement scalable, secure, and highly available cloud infrastructures that meet business needs and technical requirements, ensuring compliance with security best practices, industry standards, and regulatory requirements (e.g. ISO 27001, GDPR, NIS2 etc.)
• Cloud Governance: Implement cloud security governance policies and ensure adherence to cloud security standards. Utilize Azure Defender, Azure Policy, Management Groups, and Azure Blueprints to enforce governance and security controls.
• Identity & Access Management (IAM): Implement and manage secure authentication and authorization policies using Azure Entra ID, Privileged Identity Management (PIM), role-based access control (RBAC), and conditional access to ensure least-privilege access for users, applications, and services.
• Encryption & Data Protection: Ensure that all data stored and transmitted in Azure environments is protected using encryption techniques. Architect solutions that use Azure Key Vault for secure key management and Azure Disk Encryption for data protection.
• Automation & Security Tools: Utilize automation tools (e.g. ArgoCD) and DevSecOps principles to implement security into the CI/CD pipeline, ensuring that security testing, vulnerability scanning, and security checks are integrated into the entire software development lifecycle. Leverage Infrastructure as Code (IaC) tools such as Terraform, Bicep, or Azure Resource Manager (ARM) templates to automate secure resource provisioning and configuration.
• Security Monitoring & Incident Response: Automate security tasks including vulnerability scanning, compliance checks, threat detection, and security monitoring using tools like Azure Sentinel, Azure Monitor, and Azure Defender. Develop and execute incident response plans for handling security breaches, including data exfiltration, DDoS attacks, or insider threats.
• Disaster Recovery & Business Continuity: Design and implement secure disaster recovery strategies, ensuring that data, applications, and services are protected and recoverable in case of incidents.
• Cost Management & Optimization: Monitor cloud usage and costs, recommend optimization strategies, and help implement cost-effective cloud solutions while ensuring security and performance.
• Risk Assessment & Management: Conduct security risk assessments, vulnerability assessments, and penetration testing to identify weaknesses in Azure-based applications and infrastructure. Provide remediation strategies to address identified risks.
• Collaboration & Leadership: Collaborate with cross-functional teams (DevOps, operations, development, and security) to integrate security best practices into the design and deployment of cloud-based solutions. Provide guidance on secure cloud design, and mentor team members in security architecture and best practices.
• Cloud Architecture Documentation: Create and maintain comprehensive documentation on security architecture, security controls, cloud security policies, and risk management strategies.

Requirements

1. 5+ years of experience in cloud security, cloud architecture, DevSecOps or related roles, with at least 3+ years of hands-on experience in architecting secure environments on Microsoft Azure.
2. Strong understanding of cloud networking, hybrid cloud, and virtual networking concepts (e.g., VPNs, subnets, NSGs, load balancing, hub-spoke).
3. Expertise in designing and implementing cloud security architectures on Azure, with strong knowledge of Azure Defender, Azure Sentinel, Azure Key Vault, Azure EntraID, Azure Firewall, and other Azure security services.
4. Strong understanding of security frameworks and compliance standards (e.g. ISO 27001, GDPR, NIS2), and the ability to implement and manage them in the Azure cloud.
5. Experience with Identity and Access Management (IAM), including Azure Entra ID, Privileged Identity Management (PIM), role-based access control (RBAC), multi-factor authentication (MFA), and Conditional Access Policies.
6. Proficient in implementing Encryption strategies, such as Azure Disk Encryption, Azure Information Protection, and SSL/TLS for securing data in transit and at rest.
7. Experience with containerization and container security using Docker, Azure Kubernetes Service (AKS), and related tools to secure containerized environments.
8. Expertise in Infrastructure as Code (IaC) tools such as Terraform, ARM templates, or Bicep to automate secure provisioning and configuration of Azure resources.
9. Experience in Azure governance and cost management using Azure Cost Management, Azure Policies, and management groups.
10. Experience with monitoring and logging tools such as Azure Monitor, Application Insights, or Log Analytics and third-party solutions like Splunk or Elastic Stack.
11. Experience in risk management, vulnerability assessment, and penetration testing, along with a strong understanding of incident response and remediation strategies in the cloud.
12. Hands-on experience with CI/CD tools (e.g., Azure DevOps, ArgoCD) and integration of security tools (e.g. SonarQube) within the pipeline.
13. Proficiency in scripting languages (e.g., PowerShell, Azure CLI, Python) to automate security tasks and infrastructure provisioning.
14. Excellent problem-solving and troubleshooting skills in cloud environments.
15. Strong communication skills with the ability to explain complex security concepts to non-technical stakeholders and to collaborate across teams.
16. Languages: English (C1).

Not a must, but advantageous

• Microsoft Azure certifications, such as Azure Solutions Architect Expert, Azure Security Engineer Associate, or Microsoft Certified: Azure DevOps Engineer Expert.
• Security certifications such as CISSP, CCSP, Certified Cloud Security Professional (CCSP), or Certified Information Security Manager (CISM).
• Experience with following technologies: Kong, Event Hubs, Dapr.
• Open to participate in a duty roll (24*7).
• Extra Languages: French (B1), Dutch (B1).

Additional Details

• Maximum Hourly Rate: 60€/h – 80€/h
• Start and Duration: 12.05.2025 – 11 Months
• Volume: Approx. 100% (5 days/w)
• Work Location: Primary location is Brussels and Berlin occasionally

Next Steps

If you think that these requirements match with your skills, please use the reply function or send us an email with your CV and hourly rate (remote/onsite) via email.

You don’t need to apply for the same position more than once. We offer you the most advantageous conditions, which are standardized. When quoting hourly rates, keep in mind that the client may be price sensitive and that the duration of the projects should be considered. Besides, there is often a good chance of extension.

If you have any questions, please feel free to contact us via email.

Best regards,

Your joyIT Team