Cloud Security Architect

We are looking for a Cloud Security Architect for a 4-month contract position, with possible extensions in Calgary, Alberta. Must be legally entitled to work in Canada. This position is on-site in downtown Calgary, 40 hours per week. Role DescriptionOur client is undertaking a strategic initiative to address architectural and operational limitations in its Azure cloud environment. The goal is to improve scalability, security, and governance through targeted assessments and redesigns. The project is structured around three key milestones:Cloud Security Assessment (Primary Focus for This Role)The Company has Microsoft Defender for Cloud and Sentinel available, but deployment is inconsistent. The immediate priority is Defender for Cloud, which has the potential to significantly improve threat protection and compliance.Sentinel will be evaluated further with stakeholders. Key Contributions Expected:Define a consistent framework for Defender for Cloud.Align security posture with regulatory standards and governance goals.Support secure workload expansion and collaboration between security and operations.Provide recommendation for Sentinel improvements.Cloud Networking Enhancement (Secondary Input Area)Current network architecture exposes critical resources via public endpoints and lacks cohesive design across DNS, NSGs, firewalls, and ExpressRoute. Input May Include:Recommendations for securing resources with private endpoints.Guidance on strategic IP and DNS design to support automation and performance.Landing Zone Assessment (Secondary Input Area)Existing landing zones limit scalability and clarity. Planning is needed to support AI and Data workloads and standardize governance across subscriptions. Input May Include:Support in defining governance frameworks and subscription strategies.Collaboration on scalable landing zone design aligned with security best practices.ResponsibilitiesAssess readiness and define criteria for adopting Defender for Cloud alongside Sentinel to enhance threat detection and response capabilities.Develop a strategic roadmap to elevate security configurations and align with best practices.Required Skills and Experience7-10+ years of working with Cloud Security, Identity Management solutions and Cloud InfrastructureMicrosoft Defender for Cloud expertiseHands-on experience configuring, deploying, and managing Defender for Cloud across hybrid environments.Familiarity with threat detection, vulnerability management, and compliance features.Azure Security Best PracticesDeep understanding of Azure security controls, including RBAC, policies, and secure workload design.Experience aligning cloud security with regulatory and governance frameworks.Security Operations & MonitoringExperience with centralized monitoring, incident response, and integration with SIEM tools.Ability to assess and improve security posture using Azure-native tools.Cloud Architecture AwarenessAbility to collaborate with architects and infrastructure teams to ensure security is embedded in design decisions.Ability to explain complex systems to stakeholders and project team members in a very simple format for understanding.Comfortable working with cross-functional teams, including business, operations and IT Architecture.Skilled in translating technical risks into business-relevant language.Microsoft Defender for Cloud for Azure Services (eg: VM’s Storage, SQL, Containers, etc)Policy configuration, threat detection, vulnerability management, and compliance integration.Azure Security Center & SentinelExperience with SIEM integration, incident response workflows, and log analytics.Azure Role-Based Access Control (RBAC) and Policy ManagementDesigning and enforcing least-privilege access and governance controls.DevSecOpsIntegrate Security best practices throughout the SDLC and CI/CD pipelines using Infrastructure as Code and Policy as Code.Security Monitoring & Incident ResponseFamiliarity with alerts, playbooks, and centralized monitoring strategies.Regulatory Compliance AlignmentUnderstanding standards like ISO 27001, NIST, CIS benchmarks, and audit readinessDesired Skills and Experience Microsoft Sentinel knowledgeExperience with Sentinel setup, use cases, and integration with Defender for Cloud.Cloud Networking FundamentalsUnderstanding Azure networking components (NSGs, firewalls, ExpressRoute, DNS).Familiarity with private endpoints and zero-trust architecture.Landing Zone Design ExperienceExposure to Azure Landing Zone frameworks and subscription/management group strategies.Ability to advise on governance and policy standardization.Automation & Infrastructure as Code (IaC)Experience with tools like Bicep, Terraform, or ARM templates for deploying security configurations.Audit & Compliance AlignmentKnowledge of audit readiness practices and compliance standards (e.g., ISO, NIST, CIS benchmarks).Private Endpoint ConfigurationSecuring services like Key Vault, Data Lake, and Databricks.Azure Networking FundamentalsNSGs, firewalls, ExpressRoute, DNS, and IP planning.Landing Zone Design PrinciplesSubscription strategy, management groups, and governance frameworks.Infrastructure as Code (IaC)Experience with Bicep, Terraform, or ARM templates for security automation.Security Operations CollaborationAbility to work with SOC teams and integrate security into DevOps workflows.Please note that while all applications are appreciated, only candidates selected for interview will be contacted.InSync Systems Inc. is a privately-owned boutique Canadian Resourcing and Consulting Services Company that works closely with a range of corporate clients across multiple industries to bring them solutions that effectively address their business needs.