Help us maintain the quality of our job listings. If you find any issues
with this job post, please let us know. Select the reason you're reporting
this job:
DLB Associates are MEP & Technology consulting engineers that combine imagination, technical expertise, agility, and practicality to meet our clients where they need to be met. Our philosophy encompasses a unique approach which helps our clients:
● visualize options using powerful modeling & graphical techniques +
● design projects that are focused on what’s best for our clients and their values +
● integrate people, technology and the built environment +
● commission projects using a practical, adaptive and communication centric approach
DLB sees the bigger picture of each engineering challenge and employs an adaptive approach to problem solving. We recognize that every client is unique; therefore, our approach is personalized and tailored to meet each client’s specific needs. DLB’s core principles enable us to consistently deliver results that exceed expectations.
Recognizable qualities of THE DLB APPROACH:
● Agility
● Tailored Communication
● Interactive & Iterative Design Process
● Hands on & Practical Approach
● Reader Friendly Deliverables
● Emphasis on Visualization & Graphics
● Higher Output Per Hour
● Timely & Dependable
For more detail on Our Approach, please visit our website, http://www.dlbassociates.com/.
DLB is a firm unlike any other, providing solutions unlike any other.
DLB is seeking a visionary Senior Cloud Security Architect to shape and secure our Microsoft-centric enterprise environment. As the lead architect and client-facing security authority, you’ll turn business risks into scalable, secure-by-design solutions across Azure, M365, and modern SaaS/PaaS platforms. This high-impact role blends technical strategy, governance, and mentorship—empowering teams while protecting mission-critical data.
Position Title: Senior Cloud Security Architect
Position Location: Remote – work virtually from anywhere in the United States
SALARY
DLB recognizes salary ranges from job boards do not necessarily reflect our pay ranges. In many instances we out-compete those ranges for well-qualified candidates.
JOB SUMMARY
The Senior Cloud Security Architect owns the strategy, design, and continuous improvement of DLB’s enterprise security posture across Microsoft 365, Azure, and related SaaS/PaaS services and serves as DLB’s primary client‑facing security authority. Acting as the principal security subject‑matter expert, this role:
Translates business risk into technical controls, defines secure configurations, and creates repeatable patterns that Operations Team & support technicians can follow.
Represents DLB in security audits, diligence questionnaires, and client requests as needed.
Collaborates with software developers, data teams, and business stakeholders to embed security‑by‑design into all technology initiatives.
The Architect receives high‑level objectives, operates with substantial autonomy, and mentors other IT personnel who handle day‑to‑day incident response and routine administration.
This person will communicate and operate in line with organizational goals and values, as well as departmental objectives.
ESSENTIAL FUNCTIONS
Security Architecture & Strategy
Develop and maintain reference architectures, baselines, and secure configuration standards across Microsoft cloud services.
Perform threat modeling and risk assessments aligned to NIST CSF and CIS Benchmarks.
Design identity and access management patterns (least privilege, Conditional Access, PIM, service‑principal governance) for Entra ID, Power Platform, Azure DevOps, and custom applications.
Evaluate and pilot emerging Microsoft security capabilities
Governance, Compliance & Data Protection
Configure and tune Microsoft Purview Information Protection, DLP, retention, and eDiscovery
Map controls to compliance frameworks (e.g., ISO 27001, SOC 2) and support audits
Establish metrics and KPIs to measure control effectiveness
Security Operations Enablement
Build and document runbooks, automated playbooks, and alert tuning for SOC/IT Ops teams using Defender XDR, Sentinel, and Azure Automation.
Provide Tier‑3 escalation support for complex security incidents and coordinate post‑incident review
Continuous Improvement & Training
Conduct periodic architecture reviews and penetration‑test remediation plans
Deliver knowledge‑transfer sessions and create micro‑learning content for support technicians and developers
Champion security best practices in Agile ceremonies and DevOps pipelines
Performs Other Related Duties as Assigned
Requirements
POSITION REQUIREMENTS
Advanced mastery of Microsoft Defender suite (Endpoint, Identity, Office, Cloud Apps) and Purview Information Protection
Deep knowledge of Entra ID (Azure AD) identity governance, RBAC, Conditional Access, PIM, and B2B/B2C models
Proven experience securing Exchange Online, SharePoint, Teams, and Power Platform (Power Apps, Automate, BI)
Familiarity with Azure services (App Services, Key Vault, App Config, Storage, Virtual Network, Private Link) and Azure Policy, Blueprints, ARM/Bicep/Terraform
Strong grasp of Graph API, OAuth 2.0, OpenID Connect, and application consent governance
Working knowledge of SIEM/SOAR (Microsoft Sentinel preferred) and incident‑response workflows.
Ability to translate security risks into concise business language for non‑technical stakeholders
Ability to communicate effectively directly with clients and at times serve as primary point of client contact
Ability to work successfully as a member of a team and independently with minimal supervision
Ability to work under pressure and meet close deadlines
Demonstrated aptitude for learning new technology and adapting to evolving requirements.
Organizational skills, with the ability to manage multiple tasks simultaneously
TRAVEL / RELOCATION REQUIREMENTS
Up to 5%, this may include travel to any or all 50 US states
Travel is defined as physically leaving home on behalf of business activities including but not limited to client sites, meetings with other employees, meeting for business development purposes, running errands on behalf of the business, attending industry conferences, etc.
EDUCATION / EXPERIENCE REQUIREMENTS
Bachelor’s degree in IT, Information Systems, Computer Science, or related discipline
PLUS
8+ years of progressive IT or security experience, with 3+ years in a dedicated security‑architecture or cloud‑security engineering role
Benefits
Benefits
DLB Associates offers a very competitive benefits package; highlights include
Choice of comprehensive medical plans (including two PPO-style plans and a HDHP w/ HSA option)
Health reimbursement account (HRA), flex spending accounts (FSA)
Dental and vision plans
Comprehensive medical, dental and vision benefits extended to spouse / domestic partner and dependent children up to age 26
401k with company match and self-directed brokerage account option
PTO including additional paid time off during the last week of the year
Company paid life insurance coverage for employees and their eligible dependents
Short and long-term disability, AD&D coverage
Professional development opportunities, tuition reimbursement and professional licensing assistance
Paid parental leave after one year of employment
DLB Associates is an EEO/Affirmative Action Employer and participates in the E-Verify program with the Department of Homeland Security. We encourage diversity in our workforce.
Are you ready to challenge yourself and redefine standards in the AEC industry? Apply now and join our award-winning team!
NOTICE TO THIRD PARTY AGENCIES:
DLB does not accept unsolicited resumes from recruiters, employment agencies, or other staffing services. Unsolicited resumes include any resume or hiring document sent to DLB in the absence of a signed Service Agreement where DLB has expressly requested recruitment/staffing services specific to the position at hand. Any unsolicited resumes, including those submitted to hiring managers or other business leaders, will become the property of DLB and DLB will have the right to hire that candidate without reservation – no fee or other compensation will be owed or paid to the recruiter, employment agency, or other staffing service.
Required profile
Experience
Spoken language(s):
English
Check out the description to know which languages are mandatory.