Job Description
Senior Cloud Security Specialist to serve as a technical authority for securing Microsoft Azure environments. In this role, you will design, operate, and continuously improve cloud threat detection, investigation, and response capabilities, with a strong focus on Microsoft Defender for Cloud, Azure-native security services, and CNAPP integrations.
You will work closely with Cloud Engineering, Security Operations, and Governance teams to ensure a resilient, compliant, and highly observable Azure security posture across enterprise-scale environments.
Key Responsibilities
Act as a subject matter expert for Azure cloud security, providing hands-on leadership across detection, investigation, and response activities
Design, configure, and optimize Microsoft Defender for Cloud security controls, recommendations, and alerting
Monitor and investigate security events using Azure Activity Logs, Entra ID logs, network flow data, and workload telemetry
Design, implement, and tune Azure Web Application Firewall (WAF) protections (Azure Application Gateway WAF and Azure Front Door WAF) to defend against OWASP Top 10 threats, bot activity, and application-layer attacks.
Identify and analyze attack paths and exposure chains across Azure subscriptions, management groups, and hybrid environments
Integrate Azure security telemetry with CNAPP, SIEM, and SOAR platforms to enable end-to-end threat visibility
Assist in the development of automated response playbooks for identity, compute, and network-based incidents
Lead cloud-native incident response, including triage, containment, eradication, and recovery
Produce clear investigation reports, root cause analyses, and post-incident recommendations
Provide architectural guidance on secure Azure design, including identity, networking, workload isolation, and data protection
Partner with engineering teams to embed security controls into CI/CD pipelines and infrastructure-as-code workflows
Required Qualifications
Deep hands-on experience with Microsoft Azure security architecture, including Entra ID (Azure AD), RBAC, Azure Policy, VNets, Private Endpoints, and Azure Monitor
Expert-level knowledge of Microsoft Defender for Cloud, including CSPM, workload protection plans, secure score, and risk prioritization
Experience with Azure-native protection services such as Defender for Servers, Containers, Storage, SQL, and Key Vault
Strong investigation skills using cloud-native logs, behavioral analytics, and security telemetry
Familiarity with CNAPP platforms (e.g., Wiz, Prisma Cloud, Orca) Knowledge of cloud security frameworks such as MITRE ATT&CK and CSA CCM
Experience with regulatory and compliance requirements (e.g., ISO 27001, GDPR, SOX) in cloud environments
Preferred Qualifications
Experience leading or mentoring cloud security analysts or engineers
Hands-on experience with ARM, Bicep, or Terraform
Background in hybrid or multi-cloud security operations
Azure security certifications (e.g., AZ-500, SC-100, SC-200)
7+ years experience in a cyber security, cyber investigations, cyber threat intelligence, or combination of these three roles.
Undergraduate degree in Technical discipline, Computer Science or related field required. Graduate degree preferred.
CISSP preferred
Special Factors
Sponsorship
Vanguard is not offering visa sponsorship for this position.
About Vanguard
At Vanguard, we don't just have a mission—we're on a mission.
To work for the long-term financial wellbeing of our clients. To lead through product and services that transform our clients' lives. To learn and develop our skills as individuals and as a team. From Malvern to Melbourne, our mission drives us forward and inspires us to be our best.
How We Work
Vanguard has implemented a hybrid working model for the majority of our crew members, designed to capture the benefits of enhanced flexibility while enabling in-person learning, collaboration, and connection. We believe our mission-driven and highly collaborative culture is a critical enabler to support long-term client outcomes and enrich the employee experience.