We are seeking an experienced Senior Azure Cloud Architect with strong expertise in cloud security architecture and solid Azure platform engineering knowledge.
The role is centred on strengthening and evolving the Azure cloud foundation by defining and enforcing security architecture, governance guardrails, and platform security standards across identity, network, data protection, and workload security domains.
It plays a key role in ensuring that Azure landing zones and platform services are designed and continuously improved in alignment with enterprise security principles
and industry frameworks.
In addition, the role supports the evolution of secure platform automation and infrastructure as code patterns, ensuring that security requirements are consistently embedded in cloud platform design, delivery, and operations.
The emphasis is on cloud security architecture, platform governance, and secure Azure platform design, supported by practical understanding of cloud platform engineering
concepts.
Your responsibilities
- Contribute to the evolution of the Azure cloud security architecture vision, principles, and roadmap
- Define and maintain cloud security reference architectures and reusable security patterns
- Ensure security requirements are embedded in Azure landing zones, platform services, and workloads
- Define and enforce cloud security guardrails, standards, and baselines across Azure environments
- Provide security architecture guidance and review for cloud solution designs and platform changes
- Ensure alignment with enterprise security architecture and governance standards
- Define and maintain Azure security policies and control frameworks aligned with industry frameworks
- Support implementation of policy as code using Azure Policy and related governance tooling
- Define and oversee security exception handling and risk acceptance processes
- Design and review identity and access management architectures
- Define privileged access management models and administrative access controls
- Enforce least privilege and zero trust principles across Azure environments
- Define standards for single sign on, multi factor authentication, managed identities, and role based access control
- Define and review secure Azure network architectures including segmentation and isolation models
- Define ingress and egress control patterns and traffic inspection strategies
- Review designs for Azure Firewall, Web Application Firewall, Private Link, DNS security, and DDoS protection
- Define secure hybrid connectivity patterns and network security requirements
- Define encryption standards and key management architecture options
- Define data classification, data protection, and sensitive data handling requirements
- Define data loss prevention controls and security requirements for data storage and processing
- Review backup, recovery, and data sovereignty requirements from a security perspective
- Define secure Azure landing zone architecture patterns and platform security baselines
- Define platform hardening standards and configuration management requirements
- Ensure security logging, monitoring, and auditability requirements are embedded in platform design
- Define secure configuration standards for core Azure platform services
- Define security requirements for Infrastructure as Code and cloud automation approaches
- Review Terraform and CI/CD designs from a security and governance perspective
- Define security testing requirements including dependency scanning, container scanning, and IaC scanning
- Promote shift left security practices across platform and application teams
- Conduct cloud security architecture risk assessments and provide mitigation guidance
- Support internal and external audit and compliance activities
- Map cloud security controls to regulatory and industry frameworks
- Define compensating controls where required
- Support continuous compliance and security posture improvement initiatives
- Collaborate with cloud architecture, platform engineering, security, and operations teams to ensure consistent security implementation
- Produce architectural documentation, security design decisions, and governance artefacts.
Your profile
Technical Competencies and Experience:
- Strong expertise in Azure cloud architecture, with a focus on cloud security and platform design
- Proven experience designing and securing enterprise Azure environments,
including landing zones, identity, networking, management, and governance components. - Strong knowledge of cloud security architecture principles, including Zero Trust, defense in depth, least privilege, and secure by design approaches.
- Experience defining and implementing cloud security guardrails, policies,
standards, and security baselines. - Strong understanding of Microsoft Entra ID, identity governance, privileged
access management, authentication, authorization, and role-based access
control models. - Experience designing secure Azure networking architectures, including
segmentation, private connectivity, traffic inspection, and perimeter security controls. - Strong knowledge of data protection, encryption, key management, secrets
management, and data governance principles within Azure. - Experience with Azure security services and capabilities, including Microsoft
Defender for Cloud, Microsoft Sentinel, Azure Policy, Azure Key Vault, Azure
Firewall, Web Application Firewall, and related platform security services. - Experience performing cloud security risk assessments and supporting audit,
compliance, and regulatory initiatives. - Strong understanding of security frameworks and industry standards.
- Experience with Infrastructure as Code concepts and security controls for cloud
automation and platform deployment. - Ability to review and challenge solution designs from a security architecture
perspective and provide pragmatic recommendations. - Strong analytical, communication, stakeholder management, and
documentation skills. - Ability to work effectively with cloud architecture, platform engineering, security, network, and operations teams.
Level of Education:
- University degree of 4 years in a relevant domain (e.g. Computer Science, Information Technology).
- Minimum of 3 years of demonstrated experience in defining cloud security standards, guardrails, and architecture patterns for large scale enterprise environments.
Professional Certifications and trainings:
- Microsoft Certified: Azure Fundamentals (required)
- Microsoft Certified: Azure Solutions Architect Expert (required)
- Azure Security Engineer Associate (required)
- Azure Network Engineer Associate (nice to have)
Our offer
- An attractive salary package ranging from €71,000 to €75,000 gross per year, with or without a company car
- 12 additional paid leave days per year (RTT) to support a better work-life balance
- Meal vouchers as well as monthly net allowances to cover representation expenses, internet costs, and the use of your personal equipment
- Eco vouchers to support your everyday eco-friendly purchases
- Hospitalization insurance fully covered by the company for your personal coverage
- An annual bonus
- A personalized development program, including at least 7 training days per year to help you enhance your skills
- Access to the Employee Club, giving you access to a wide range of daily benefits and discounts
Apply now
Are you ready to become part of a dynamic team with a clear focus on growth and excellence? Apply now and take the first step towards a fulfilling career with CTG IT Solutions.
Please note that a criminal record check will be required for this position.
Discover the exciting opportunities that await you at CTG IT Solutions, where your IT expertise meets a world of possibilities!
We believe in shaping digital together. We don’t just deliver technology, we work shoulder to shoulder with our clients to ensure technology drives impact when and where it matters most.
Discover more
Solutions
Services
Industries
Careers
About Us
Why Cegeka
The Cegeka Story
Cegeka & Society
Annual Report
Let's get in touch
Have questions or want to connect? Get in touch through our contact form to start the conversation.
Privacy
Cookies
Terms of Use
© Cegeka