KPMG India
Website: social.kpmg
Job details:
Location - Bangalore and Gurgaon
Req#:
- 30042356: Associate Consultant
- 30042347: Consultant
- 30042341: Assistant Manager
Description
We are looking for a highly skilled and proactive Senior Azure Platform Security Engineer to play a key role in securing, governing, and enhancing our enterprise Azure platform. This role combines advanced technical engineering skills with strong architectural awareness, enabling you to manage, implement, and operate platform-level security controls.
You will work closely with Platform Engineering, Cloud Architecture, Cyber Security Operations, and Governance teams to ensure our Azure environment remains secure, well-monitored, compliant, and aligned with modern best practices.
Responsibilities
Azure Platform Security Engineering
- Manage, implement, and maintain security controls across Azure Landing Zones and platform foundations.
- Lead technical configuration across:
  - Azure Firewall, NSGs, ASGs
  - VNETs, Private Links, network security architecture
  - Azure Key Vault, managed identities, and secrets governance
  - Defender for Cloud, secure baselines, and platform hardening
- Develop and maintain reusable IaC modules (Bicep/Terraform) to enforce consistent platform security.
Security Architecture Support
- Work with architects to shape secure-by-design principles and reference patterns.
- Conduct technical security assessments, threat modelling, and design reviews for platform components.
- Provide expert guidance on CAF (Cloud Adoption Framework) and enterprise security architecture alignment.
Governance & Compliance
- Own Azure Policy development, assignment, remediation automation, and compliance dashboards.
- Contribute to the definition and enforcement of platform guardrails, RBAC models, and security baselines.
- Support internal and external audits with evidence, reporting, and control improvements.
Identity & Access Security
- Engineer identity governance at platform level, including PIM, RBAC architecture, role models, and access reviews.
- Ensure strong adoption of MFA, Conditional Access, and identity hygiene practices.
- Collaborate on privileged access strategy and identity resilience initiatives.
Security Monitoring, Detection & Incident Response
- Enhance detection rules, automations, and monitoring capabilities within Sentinel.
- Engineer improvements to Defender for Cloud recommendations, scoring, and alert fidelity.
- Support and lead platform-related investigations, root-cause analysis, and incident containment.
Cross-Team Collaboration & Technical Leadership
- Mentor junior engineers and support knowledge sharing across cloud and security teams.
- Act as a senior technical point of escalation for platform security issues.
- Contribute to cloud governance boards, design authorities, and architecture communities of practice.
Required Skills & Experience
- 5+ years in cloud security, cloud engineering, or security engineering roles, with heavy Azure exposure.
- Strong hands-on expertise with Azure security services and platform components, including:
  - Defender for Cloud, Sentinel
  - Azure Policy, RBAC, PIM
  - Virtual networks, Azure Firewall, Private Endpoints
  - Key Vault, managed identities, encryption controls
- Solid understanding of Zero Trust principles and secure cloud architecture.
- Experience building landing zones or platform governance foundations.
- Practical IaC experience (Terraform or Bicep required).
- Ability to influence engineering teams and drive secure-by-design practices.
- Excellent analytical, documentation, and communication skills.
Preferred Qualifications
- AZ‑500: Azure Security Engineer Associate
- AZ‑305: Azure Solutions Architect Expert
- SC‑100: Cybersecurity Architect Expert
- SC‑300: Identity & Access Administrator
- Certifications like CISSP, CCSP, or CISM (nice to have)