Assistant Manager

Lead Azure Platform Security Engineer

KPMG Overview

Joining KPMG means joining a talented team of exceptional colleagues who bring innovative thoughts and a natural curiosity to the work they do each day. No one type of person succeeds at KPMG; a diverse business requires diverse personalities, characters and perspectives. There really is a place for you here.You will be working within Group Digital Platform Services Operations that services the broader Firm through delivery of core technology and managed services capabilities, collaboration and innovation development and services.

Role Summary

We are seeking an experienced and forward thinking Lead Azure Platform Security professional to govern and drive the implementation of security controls across our enterprise Azure platform. This role will champion secure-by-design cloud adoption, lead platform security engineering activities, and own the strategic roadmap for Azure platform protection.

As the technical and strategic authority for Azure platform security, you will collaborate closely with Cloud Architecture, Security Operations, DevOps, Risk & Compliance, and Platform Engineering teams to ensure our Azure environment remains resilient, well governed, and aligned to industry best practices.

Key Responsibilities

Platform Security Leadership

• Manage the overall Azure platform security strategy, architecture, and roadmap.
• Lead the continuous enhancement of secure Azure Landing Zones, guardrails, and enterprise governance controls.
• Define and maintain platform security patterns, standards, and reusable modules across the cloud ecosystem.
• Act as the SME on Azure platform security, advising senior stakeholders and influencing cloud decision making.

Security Architecture & Engineering

• Design and oversee implementation of platform security controls including:
• Azure Firewall, network segmentation, and Zero Trust networking
• Private Links, VNET peering, routing, and perimeter controls
• Key Vault, managed identities, and platform identity controls
• Defender for Cloud configuration, attack surface reduction, and secure baselines
• Lead threat modelling, platform risk assessments, and secure design reviews for new services and architectural changes.
• Ensure platform alignment with Microsoft CAF, enterprise architecture principles, and CIS/NIST security benchmarks.

Governance & Compliance

• Own Azure Policy strategy, governance rulesets, and compliance monitoring.
• Lead the creation and enforcement of platform guardrails, tagging standards, RBAC models, and security baselines.
• Ensure alignment with regulatory and compliance frameworks such as ISO 27001, CIS Controls, GDPR, PCI-DSS (as applicable).
• Provide authoritative input during internal audits, external audits, and cloud risk assessments.

Identity & Access Security

• Define platform-level identity governance including role models, PIM usage, and access hygiene.
• Lead adoption of Conditional Access, MFA, identity resilience, and privileged access processes.
• Ensure consistent least privilege access across the entire Azure platform.

Security Monitoring & Incident Response

• Partner with SOC and Cyber Operations to:
• Enhance Sentinel detection rules
• Improve monitoring of platform services
• Support incident response for Azure platform level threats
• Drive continuous improvement of security posture, automation, and alert fidelity.

Automation & Engineering Enablement

• Oversee automation of platform security checks, policy remediation, and reporting using:
• PowerShell / Azure CLI
• Bicep / Terraform
• GitHub Actions / DevOps pipelines
• Build a culture of reusable IaC modules, shift left security practices, and operational excellence.

Leadership, Mentoring & Stakeholder Influence

• Lead and mentor junior and mid‑level cloud security engineers.
• Represent platform security in senior governance forums, architecture boards, and programme steering groups.
• Engage with engineering, product, and operational teams to embed secure-by-design into cloud delivery.
• Communicate complex security topics clearly to technical and non‑technical stakeholders.

Required Skills & Experience

• 7+ years in cloud security, platform engineering, or security architecture roles.
• Deep, hands-on expertise with Azure platform security, including:
• Defender for Cloud, Sentinel, Key Vault, Network Security
• Azure Policy, RBAC, PIM, Conditional Access
• Landing Zones & CAF-aligned governance
• Extensive experience designing and implementing Zero Trust architectures.
• Strong understanding of compliance frameworks (CIS, ISO 27001, NIST, etc.).
• Practical experience with IaC in enterprise environments (Terraform preferred).
• Proven experience leading technical teams and influencing senior stakeholders.
• Strong communication, leadership, and architecture documentation skills.

Preferred Qualifications

• Microsoft Certified: Cybersecurity Architect Expert (SC‑100)
• Microsoft Certified: Azure Security Engineer Associate (AZ‑500)
• Microsoft Certified: Identity and Access Administrator (SC‑300)
• Microsoft Certified: Azure Solutions Architect Expert (AZ‑305)
• Industry certifications such as CISSP, CISM, CCSP