Cloud platform architecture & landing zones
- Design Enterprise-Scale Azure Landing Zones per CAF (management groups, subscription strategy, naming/tagging).
- Engineer guardrails using Azure Policy/initiatives and automate subscription vending with Bicep/Terraform.
Data protection & key management
- Enforce encryption by default; apply CMK for PaaS; govern secrets/certificates with Azure Key Vault.
- Adopt Microsoft Purview-aligned protection patterns and define DR/backup guardrails for critical data services.
Container & platform hardening
- Define AKS standards (policy for Kubernetes, RBAC, network policies, ACR signing/scanning gates).
- Secure PaaS (App Service, Functions, Storage, SQL, Cosmos DB) with least privilege and network isolation.
Identity & privileged access (Microsoft Entra)
- Establish Conditional Access baselines, authentication strengths, workload identities and B2B collaboration.
- Implement PIM (just-in-time), RBAC/ABAC models, break-glass design and access reviews.
Network & perimeter security
- Architect hub-and-spoke or Virtual WAN with zero-trust segmentation.
- Implement Private Link/Endpoints, Azure Firewall/WAF, DDoS Protection, and NSG/ASG/egress controls.
Posture & compliance (build-time/run-time)
- Own Defender for Cloud CSPM enablement and risk-based remediation (agentless assessments, vuln management).
- Map controls to CIS Azure, Microsoft Cloud Security Benchmark and NIST CSF 2.0; run exceptions/RA processes.
DevSecOps guardrails & automation
- Integrate security in CI/CD: IaC policy checks, code-to-cloud mapping and signed artifacts.
- Automate platform changes with Bicep/Terraform, GitOps and change approvals; publish reusable modules.
Collaboration & handover
- Lead multi-disciplinary teams, coach consultants and communicate design trade-offs to senior stakeholders.
Impact you'll make in the first months
- Accelerate secure landing zone rollout with automated subscription vending and policy packages.
- Reduce standing privileges via PIM and staged Conditional Access baselines.
- Improve secure score through prioritized CSPM remediation and IaC-enforced guardrails.