Enterprise Cloud Security Architect- Azure

We are seeking an experienced Cloud Architect with strong expertise in Microsoft Azure, hybrid Active Directory, and enterprise identity and device management. This role will lead the design, implementation, and governance of secure, scalable cloud and hybrid environments, supporting both cloud-native and legacy systems while enabling modern workplace and identity solutions. The ideal candidate combines strategic architectural thinking with hands-on technical depth across Azure infrastructure, identity, endpoint management, and security. Key Responsibilities Cloud & Infrastructure Architecture • Design and maintain a Secure Cloud Architecture for IaaS, PaaS, and SaaS solutions with Microsoft security technologies such as Defender, Sentinel, Purview, Endpoint Management, and Entra ID to protect enterprise and client assets. • Build and deploy security architecture that enforces Zero Trust principles across M365, tenants, Azure subscriptions, B2C tenants, enterprise virtual systems, landing zones, virtual desktops and devices. • Establish security controls around DevOps, secrets management, key vaults, and managed identities to secure service to service patterns. • Architect resilient, scalable, and cost-optimized cloud solutions using Azure best practices and risk-based spending alignment • This role will own security architecture standards, reference architecture, guardrails, and exception decisions in partnership with the Chief Information Security Officer. Identity & Access Management • Establish and enforce hardened identity management for identities including Entra ID, service principles, and workload identities while enforcing least-privilege across environments and mitigating path to privilege. • Architect identity security using conditional access, MFA, phishing resistant authentication, Privileged Identity Management (PIM), and Zero Trust principles • Design and integrate Privileged Access Management (PAM) tools in active directory environments which include both Windows and Linux to eliminate the use of interactive service accounts and password handling while providing secure privilege access management practices, automation, and secure service-to-service communications. • Design and incorporate security best practice for device & endpoint management incorporating identity and access management with internet access restrictions supporting Windows, macOS, iOS, and Android devices. Security & Compliance • Architect and govern AI platforms and data flows across Azure OpenAI and Microsoft Copilot extensibility, integrating MCP-based systems with enterprise identity, device, and data protection controls to prevent leakage, enforce consent boundaries, and ensure auditability. • Establish and enforce AI governance controls for MCP endpoints and AI-driven data access, including Entra ID–based authorization, data provenance, policy enforcement, and compliance logging. • Drive Purview-based data governance including classification strategy, sensitivity labels, DLP enforcement, information barriers, and cross-tenant controls. Collaboration & Leadership • Act as a technical authority and advisor to engineering, security, and operations teams • Translate business requirements into technical cloud solutions • Produce architecture diagrams, documentation, and standards • Mentor engineers and elevate team maturity by contributing to cloud best practices and roadmaps, conducting design reviews, building hardened security patterns, and providing coaching to strengthen engineering practices. Minimum Qualifications: • Bachelor’s degree in computer science, engineering, or related field. • 8-10 years of security design, implementation and ownership experience with Microsoft security tooling • 10+ years of hands-on proficiency in multiple cybersecurity competencies (e.g., network security, systems security, application security, security operations) • 10+ years’ experience performing security testing or technical controls validation, including documentation of testing methods and results. • 10+ years’ experience in Azure cloud architecture and security services. Preferred Qualifications: • Experience with End User Workstation Security Controls to include MAC, Windows and Virtual Desktops. • Experience with Microsoft products to include Microsoft Endpoint Manager, Entra, Defender, Sentinel and M365. • Experience with securing both Azure cloud as well as hybrid cloud environments using the Microsoft security tooling. • Advance knowledge of Microsoft Defender and Sentinel and proficiency in KQL query language. • Experience with Microsoft Defender for Cloud to include regulatory compliance dashboard configuration and continuous assessment; integrating Defender for Cloud into CI/CD pipelines and IaC workflows; and practical knowledge of CSPM and CWPP capabilities. • Experience with Azure Policy, subscription structure, billing account, and management groups • Proactive awareness of emerging cybersecurity threats and technologies • Detail oriented with strong verbal and presentation skills. • Excellent interpersonal, communication, and negotiation skills • Effective written and oral communication, technical writing, and editing skills • Security-related certification (i.e., Security+, CISSP, GIAC, etc.) • Experience with landing zone security baselines and guardrails Compensation The salary range provided in this job posting is intended to reflect the general market value for the position. The actual salary offered may vary based on factors such as the candidate’s experience, qualifications, skills, and the specific requirements of the role. This range may also be subject to change as market conditions evolve. We encourage open communication throughout the interview process to discuss compensation expectations. For base-salary + commission sales roles, the range represents On-Target Earnings. Min – Max : $152,837.17 - $229,255.75 (USD) Benefits The benefits described represent the current offerings at our organization, however, benefits are subject to change and may vary by location and employment status. We strive to provide a comprehensive benefits package that supports our employees’ health, wellness, and financial goals. Please note that benefits may be discussed in more detail during the hiring process. • Remote first / work from home culture • Flexible vacation to help you rest, recharge, and connect with loved ones • Paid leave benefits • Health, dental, and vision insurance • 401k retirement savings plan • Infertility benefits • Tuition reimbursement, life insurance, EAP – and more! It is the policy of Merative to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Merative will provide reasonable accommodations for qualified individuals with disabilities. Merative participates in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, please click here: http://www.uscis.gov/e-verify/employees Apply tot his job Apply To this Job