Search Jobs
Search by job, company or skills
Search by job, company or skills
Job Title - Senior Azure Security Consultant / Engineer
Experience - 15+ Years (Senior / Principal Level)
Engagement Type - Part-Time (3–4 hours per day)
Working Hours - Flexible — Aligned with US Business Hours
Duration - 1–2 Months Only
Location- Remote
Role Overview
Alpha Technologies INC. is seeking a highly experienced Senior Azure Security Consultant / Engineer to support a short-term engagement focused on designing, hardening, and validating secure Azure cloud infrastructure. The consultant will work part-time and collaborate closely with platform, DevOps, and security teams to ensure best-in-class Azure security, networking, identity, and secrets management aligned with enterprise and compliance standards.
The ideal candidate brings deep hands-on expertise across Azure Networking, AKS security, Private Endpoints, Key Vault, CMK, Defender for Cloud, and DNS/certificate automation, with the ability to quickly assess, design, and implement secure architectures within tight timelines.
Core Responsibilities:-
Networking & Security
• Design and deploy Azure VNet with subnet segregation (AKS nodes, App Gateway,
Private Endpoints, NAT Gateway)
• Configure NSGs, UDRs, and Azure Private Endpoints for ACR, Key Vault, Redis, Monitor,
and Azure OpenAI
• Implement Private DNS Zones for all PaaS services
• Set up hub/spoke VNet peering or VPN Gateway for corporate network connectivity as
required
• Review and optimize Azure network security posture for least-privilege and zero-trust principles
• Define ingress and egress security patterns for AKS and PaaS workloads
• Validate network isolation and private connectivity for regulated workloads
Security & Secrets Management
• Provision and harden Azure Key Vault (RBAC-enabled, Private Endpoint, soft-delete,
purge protection)
• Configure External Secrets Operator (Azure KV provider) with per-microservice federated
Workload Identity
• Implement customer-managed keys (CMK) for AKS etcd, node pool disks (Disk
Encryption Sets), Storage, and Log Analytics
• Set up Microsoft Defender for Cloud plans covering Containers, Key Vault, App Gateway,
and Storage
• Define enterprise-grade secrets rotation and access governance strategies
• Enforce identity-based access controls using Azure AD, Managed Identity, and Workload Identity
• Validate encryption-at-rest and encryption-in-transit across Azure services
DNS & Certificate Management
• Manage Azure DNS public zones and automate wildcard certificate lifecycle via Key
Vault integration
• Configure Private DNS zones for all private endpoint–backed services
• Deploy and scope external-DNS on AKS to the correct DNS zone
• Design DNS delegation strategies for internal and external workloads
• Ensure certificate automation aligns with security and compliance standards
Data & Cache
• Connect MongoDB Atlas via Azure Private Link; validate customer-managed key support
with Azure Key Vault
• Deploy Azure Cache for Redis (Premium tier, VNet-injected, TLS enforced, auth token);
validate Redis API compatibility with application clients
• Validate private connectivity, encryption, and authentication for data services
• Review high availability and disaster recovery configurations
Azure Networking Expertise
• Solid understanding of Azure networking: Private Endpoints, Private DNS, NSGs, NAT
Gateway, VNet peering
Required Skills & Qualifications
Nice to Have
Job ID: 147492877
We don’t charge any money for job offers
