Job Responsibilities 1. Cloud Security Management Administer and manage cloud-native network security controls such as Azure Network Security Groups (NSGs), AWS Security Groups, and cloud firewall policies. Oversee secure network connectivity between cloud and on-premise environments, including VPN configurations, VNet peering, ExpressRoute, and Direct Connect. Ensure cloud network configurations adhere to best practices for traffic segmentation, least privilege access, and encrypted communications. 2. Threat Detection & Response Investigate cloud-based and network-related security alerts using tools such as Microsoft Defender for Cloud, AWS GuardDuty, and Azure Sentinel. Ensure comprehensive log forwarding from cloud environments to central SIEM platforms (e.g. Splunk, Sentinel) to enable real-time threat correlation and effective incident response. 3. Access Control & Perimeter Security Support Zero Trust Architecture implementation through Just-in-Time (JIT) access, Privileged Identity Management (PIM), and conditional access policies. Implement network segmentation, micro-segmentation, and edge security measures using Web Application Firewalls (WAFs), DDoS protection, and Content Delivery Networks (CDNs). 4. Secure Remote Access & ZTNA Project Support Lead the evaluation, implementation, and operations of Zero Trust Network Access (ZTNA) and SASE solutions to deliver secure, policy-enforced remote access. Manage VPN gateway configurations across multiple platforms, including Azure, AWS, and hybrid infrastructures. 5. Microsoft 365 Security (M365 Project) Support the M365 rollout by implementing network and endpoint security controls across Exchange Online, SharePoint, OneDrive, and Microsoft Teams. Ensure secure access, Data Loss Prevention (DLP), and integration with Defender for Office 365, Microsoft Purview, and cloud app security tools. Collaborate with identity and endpoint teams to ensure secure hybrid deployments, with a focus on identity protection, conditional access, and endpoint hardening. 6. Endpoint Security Controls Implement and monitor endpoint protection on cloud-hosted and hybrid workloads using tools such as Defender for Endpoint, CrowdStrike, or equivalent EDR/XDR solutions. Ensure all virtual machines and containers are onboarded to endpoint security platforms, with anti-malware, exploit protection, and device compliance policies enforced. Collaborate with infrastructure and operations teams to ensure patching and vulnerability remediation processes are consistently applied to cloud workloads. 7. Logging, Monitoring & Compliance Maintain full visibility of cloud network activity through flow logs (e.g. NSG Flow Logs, VPC Flow Logs, Azure Monitor). Generate audit-ready reports aligned with regulatory and industry frameworks such as PCI DSS, BNM-RMiT, and MAS TRM. Continuously improve monitoring and detection use cases relevant to cloud network and endpoint activity. 8. Cloud Project Support Provide expert security input during cloud adoption, migration, and hybrid cloud initiatives. Validate secure configuration and deployment of cloud components including transit gateways, NAT gateways, bastion hosts, and proxy servers. 9. Knowledge Sharing & Upskilling Stay current with evolving cloud security technologies and frameworks such as the Microsoft Cloud Adoption Framework (CAF) and AWS Well-Architected - Security Pillar. Mentor junior staff and contribute to the development of internal SOPs, incident playbooks, and operational runbooks. Job Requirements: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field. 7+ years of experience managing cloud network security and related cloud security operations. Experience implementing cloud security controls and frameworks (e.g., CIS, NIST, ISO 27001). Proven experience with Azure, AWS, or hybrid cloud environments with hands-on work in cloud network security controls. Experience supporting Microsoft 365 security projects, especially related to secure network access and data protection. *GoKardz is recruiting on behalf of our client in the Banking sector. Powered by our cutting-edge digital identity platform, this opportunity is part of our platform-driven services that streamline and optimise talent acquisition for leading companies.