Senior Cloud Security Architect

This is a remote position.

• Translates business risk into technical controls, defines secure configurations, and creates repeatable patterns that Operations Team & support technicians can follow.
  
• Represents DLB in security audits, diligence questionnaires, and client requests as needed.
  
• Collaborates with software developers, data teams, and business stakeholders to embed security‑by‑design into all technology initiatives.
  

• Develop and maintain reference architectures, baselines, and secure configuration standards across Microsoft cloud services.
  
• Perform threat modeling and risk assessments aligned to NIST CSF and CIS Benchmarks.
  
• Design identity and access management patterns (least privilege, Conditional Access, PIM, service‑principal governance) for Entra ID, Power Platform, Azure DevOps, and custom applications.
  
• Evaluate and pilot emerging Microsoft security capabilities
  

• Configure and tune Microsoft Purview Information Protection, DLP, retention, and eDiscovery
  
• Map controls to compliance frameworks (e.g., ISO 27001, SOC 2) and support audits
  
• Establish metrics and KPIs to measure control effectiveness
  

• Build and document runbooks, automated playbooks, and alert tuning for SOC/IT Ops teams using Defender XDR, Sentinel, and Azure Automation.
  
• Provide Tier‑3 escalation support for complex security incidents and coordinate post‑incident review
  

• Conduct periodic architecture reviews and penetration‑test remediation plans
  
• Deliver knowledge‑transfer sessions and create micro‑learning content for support technicians and developers
  
• Champion security best practices in Agile ceremonies and DevOps pipelines
  

Requirements

• Advanced mastery of Microsoft Defender suite (Endpoint, Identity, Office, Cloud Apps) and Purview Information Protection
  
• Deep knowledge of Entra ID (Azure AD) identity governance, RBAC, Conditional Access, PIM, and B2B/B2C models
  
• Proven experience securing Exchange Online, SharePoint, Teams, and Power Platform (Power Apps, Automate, BI)
  
• Familiarity with Azure services (App Services, Key Vault, App Config, Storage, Virtual Network, Private Link) and Azure Policy, Blueprints, ARM/Bicep/Terraform
  
• Strong grasp of Graph API, OAuth 2.0, OpenID Connect, and application consent governance
  
• Working knowledge of SIEM/SOAR (Microsoft Sentinel preferred) and incident‑response workflows.
  
• Ability to translate security risks into concise business language for non‑technical stakeholders
  
• Ability to communicate effectively directly with clients and at times serve as primary point of client contact
  
• Ability to work successfully as a member of a team and independently with minimal supervision
  
• Ability to work under pressure and meet close deadlines
  
• Demonstrated aptitude for learning new technology and adapting to evolving requirements.
  
• Organizational skills, with the ability to manage multiple tasks simultaneously
  

• Up to 5%, this may include travel to any or all 50 US states
  
• Travel is defined as physically leaving home on behalf of business activities including but not limited to client sites, meetings with other employees, meeting for business development purposes, running errands on behalf of the business, attending industry conferences, etc.
  

• Bachelor’s degree in IT, Information Systems, Computer Science, or related discipline
  

• 8+ years of progressive IT or security experience, with 3+ years in a dedicated security‑architecture or cloud‑security engineering role
  

Benefits

• Choice of comprehensive medical plans (including two PPO-style plans and a HDHP w/ HSA option)
  
• Health reimbursement account (HRA), flex spending accounts (FSA)
  
• Dental and vision plans
  
• Comprehensive medical, dental and vision benefits extended to spouse / domestic partner and dependent children up to age 26
  
• 401k with company match and self-directed brokerage account option
  
• PTO including additional paid time off during the last week of the year
  
• Company paid life insurance coverage for employees and their eligible dependents
  
• Short and long-term disability, AD&D coverage
  
• Professional development opportunities, tuition reimbursement and professional licensing assistance
  
• Paid parental leave after one year of employment