Azure Security Manager at KPMG Nederland

Amstelveen, North Holland, Netherlands -

Full Time

Start Date

Immediate

Expiry Date

09 Feb, 26

Salary

6500.0

Posted On

11 Nov, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Azure Security, Cloud Architecture, Data Protection, Key Management, Container Security, Identity Management, Network Security, Compliance, DevSecOps, Stakeholder Management, Azure Policy, Bicep, Terraform, CSPM, RBAC, PIM

Industry

Financial Services

Description

Beschrijving van het bedrijf KPMG’s Cyber & TechLaw practice enables clients to design and operate secure‑by‑default Microsoft Azure platforms. As an Azure Security Manager/Expert, you lead the design, build and hardening of cloud landing zones and core services, embedding zero‑trust, policy‑as‑code and identity‑first controls across enterprise and regulated environments. Functieomschrijving Cloud platform architecture & landing zones Design Enterprise‑Scale Azure Landing Zones per CAF (management groups, subscription strategy, naming/tagging). Engineer guardrails using Azure Policy/initiatives and automate subscription vending with Bicep/Terraform. Data protection & key management Enforce encryption by default; apply CMK for PaaS; govern secrets/certificates with Azure Key Vault. Adopt Microsoft Purview‑aligned protection patterns and define DR/backup guardrails for critical data services. Container & platform hardening Define AKS standards (policy for Kubernetes, RBAC, network policies, ACR signing/scanning gates). Secure PaaS (App Service, Functions, Storage, SQL, Cosmos DB) with least privilege and network isolation. Identity & privileged access (Microsoft Entra) Establish Conditional Access baselines, authentication strengths, workload identities and B2B collaboration. Implement PIM (just‑in‑time), RBAC/ABAC models, break‑glass design and access reviews. Network & perimeter security Architect hub‑and‑spoke or Virtual WAN with zero‑trust segmentation. Implement Private Link/Endpoints, Azure Firewall/WAF, DDoS Protection, and NSG/ASG/egress controls. Posture & compliance (build‑time/run‑time) Own Defender for Cloud CSPM enablement and risk‑based remediation (agentless assessments, vuln management). Map controls to CIS Azure, Microsoft Cloud Security Benchmark and NIST CSF 2.0; run exceptions/RA processes. DevSecOps guardrails & automation Integrate security in CI/CD: IaC policy checks, code‑to‑cloud mapping and signed artifacts. Automate platform changes with Bicep/Terraform, GitOps and change approvals; publish reusable modules. Collaboration & handover Lead multi‑disciplinary teams, coach consultants and communicate design trade‑offs to senior stakeholders. Impact you’ll make in the first months Accelerate secure landing zone rollout with automated subscription vending and policy packages. Reduce standing privileges via PIM and staged Conditional Access baselines. Improve secure score through prioritized CSPM remediation and IaC‑enforced guardrails. Functie-eisen 7–12 years in cyber/cloud security with 3+ years leading Azure platform security architecture and hardening. Hands‑on depth in Entra ID (CA, PIM), Azure Policy, Bicep/Terraform, Key Vault, network security and Defender for Cloud (CSPM). Ability to map designs to CAF/Enterprise‑Scale, Well‑Architected (Security), CIS Azure and NIST CSF 2.0. Consulting skills: stakeholder management, clear storytelling and delivery leadership. Typical certifications: SC‑100, AZ‑500, SC‑300. Aanvullende informatie Salary between EUR 5,100 and EUR 6,500 30 vacation days (based on full-time employment), with the option to buy additional days or sell your vacation days. A lease car + NS business card or a mobility allowance. A flexible pension scheme with no mandatory personal contribution. A wide range of training and educational programs to support your professional and personal development. Focus on vitality! Work out at the office in Amstelveen or get a discount at a gym near you, plus access to coaching, health, and wellness programs. ‘Together’ is one of our core values. You can expect various social activities such as team outings, drinks, and events with your colleagues.

Responsibilities

As an Azure Security Manager, you will lead the design, build, and hardening of cloud landing zones and core services. Your role involves embedding zero-trust and identity-first controls across enterprise environments.