• Design, develop, and implement cloud security architecture solutions in Microsoft Azure aligned with business objectives, technical requirements, and industry frameworks (e.g., NIST CSF, CIS Benchmarks). • Build and maintain security automation using Infrastructure as Code (IaC) tools such as Terraform, Bicep, or ARM templates to ensure consistent, repeatable, and auditable deployments. • Architect and implement cloud-native security controls including network segmentation, micro-segmentation, encryption at rest and in transit, and secrets management. • Partner with IT Infrastructure and Enterprise Architecture teams on the migration strategy for moving on-premise data centers to Microsoft Azure, ensuring environments are secure, compliant, and resilient from day one. • Evaluate and remediate security risks across hybrid and cloud-native architectures throughout the migration lifecycle. • Implement and manage Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platform (CNAPP) tooling to maintain continuous visibility and compliance. • Collaborate with development and platform engineering teams to embed security into CI/CD pipelines, including static/dynamic code analysis (SAST/DAST), container image scanning, dependency vulnerability scanning, and automated policy enforcement. • Write production-quality code and automation scripts (Python, PowerShell, Bash, or Go) to build security tooling, automate remediation workflows, and integrate security controls across cloud services. • Champion secure software development practices across engineering teams, including threat modeling, secure code review, and security architecture assessments. • Support the adoption of policy-as-code and detection-as-code practices to enforce security standards programmatically. • Lead the design, development, and implementation of a cloud-based IAM strategy, including Zero Trust principles, least-privilege enforcement, conditional access, and identity governance. • Manage and optimize identity platforms (e.g., Microsoft Entra ID), role-based access control (RBAC), privileged access management (PAM), and authentication protocols (OAuth 2.0, SAML, OIDC). • Implement and tune cloud-native monitoring, logging, and alerting using tools such as Microsoft Sentinel or equivalent SIEM/SOAR platforms. • Develop and enforce cloud security policies, standards, and procedures, and maintain audit readiness for applicable compliance frameworks. • Stay current with emerging technologies, threat vectors, and industry trends — including AI-driven threat detection, container and serverless security, and evolving regulatory requirements. • Act as a subject matter expert, providing technical guidance and mentorship to other engineers and cross-functional team members.