Job Responsibilities
1. Cloud Security Management
 Administer and manage cloud-native network security controls such as Azure Network Security
Groups (NSGs), AWS Security Groups, and cloud firewall policies.
 Oversee secure network connectivity between cloud and on-premise environments, including
VPN configurations, VNet peering, ExpressRoute, and Direct Connect.
 Ensure cloud network configurations adhere to best practices for traffic segmentation, least
privilege access, and encrypted communications.

2. Threat Detection & Response
 Investigate cloud-based and network-related security alerts using tools such as Microsoft
Defender for Cloud, AWS GuardDuty, and Azure Sentinel.
 Ensure comprehensive log forwarding from cloud environments to central SIEM platforms (e.g.
Splunk, Sentinel) to enable real-time threat correlation and effective incident response.

3. Access Control & Perimeter Security
 Support Zero Trust Architecture implementation through Just-in-Time (JIT) access, Privileged
Identity Management (PIM), and conditional access policies.
 Implement network segmentation, micro-segmentation, and edge security measures using
Web Application Firewalls (WAFs), DDoS protection, and Content Delivery Networks (CDNs).

4. Secure Remote Access & ZTNA Project Support
 Lead the evaluation, implementation, and operations of Zero Trust Network Access (ZTNA) and
SASE solutions to deliver secure, policy-enforced remote access.
 Manage VPN gateway configurations across multiple platforms, including Azure, AWS, and
hybrid infrastructures.

5. Microsoft 365 Security (M365 Project)
 Support the M365 rollout by implementing network and endpoint security controls across
Exchange Online, SharePoint, OneDrive, and Microsoft Teams.
 Ensure secure access, Data Loss Prevention (DLP), and integration with Defender for Office 365,
Microsoft Purview, and cloud app security tools.
 Collaborate with identity and endpoint teams to ensure secure hybrid deployments, with a
focus on identity protection, conditional access, and endpoint hardening.

6. Endpoint Security Controls
 Implement and monitor endpoint protection on cloud-hosted and hybrid workloads using
tools such as Defender for Endpoint, CrowdStrike, or equivalent EDR/XDR solutions.
 Ensure all virtual machines and containers are onboarded to endpoint security platforms, with
anti-malware, exploit protection, and device compliance policies enforced.
 Collaborate with infrastructure and operations teams to ensure patching and vulnerability
remediation processes are consistently applied to cloud workloads.

7. Logging, Monitoring & Compliance
 Maintain full visibility of cloud network activity through flow logs (e.g. NSG Flow Logs, VPC Flow
Logs, Azure Monitor).
 Generate audit-ready reports aligned with regulatory and industry frameworks such as PCI
DSS, BNM-RMiT, and MAS TRM.
 Continuously improve monitoring and detection use cases relevant to cloud network and
endpoint activity.

8. Cloud Project Support
 Provide expert security input during cloud adoption, migration, and hybrid cloud initiatives.
 Validate secure configuration and deployment of cloud components including transit
gateways, NAT gateways, bastion hosts, and proxy servers.

9. Knowledge Sharing & Upskilling
 Stay current with evolving cloud security technologies and frameworks such as the Microsoft
Cloud Adoption Framework (CAF) and AWS Well-Architected – Security Pillar.
 Mentor junior staff and contribute to the development of internal SOPs, incident playbooks, and
operational runbooks.

Job Requirements
 Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
 7+ years of experience managing cloud network security and related cloud security
operations.
 Experience implementing cloud security controls and frameworks (e.g., CIS, NIST, ISO 27001).
 Proven experience with Azure, AWS, or hybrid cloud environments with hands-on work in cloud
network security controls.
 Experience supporting Microsoft 365 security projects, especially related to secure network
access and data protection.