Job description

Link Technologies (LinkTechConsulting.com), a Las Vegas-based IT consulting firm, is currently seeking a Microsoft Azure Security Assessment Consultant to join our team in Denver, CO. JOB SUMMARY This role will work with the business technologies information security team to conduct a comprehensive security assessment of our Microsoft Azure environment, identify security gaps, and provide actionable recommendations to enhance overall security posture, governance, and compliance. REQUIREMENTS • Five (5) years of hands-on Azure experience, whether in administration, engineering, architecture, or security is strongly preferred. RESPONSIBILITIES • Evaluate Architecture: • Review the Azure cloud architecture to identify potential security design flaws. • Assess alignment with Microsoft’s Cloud Adoption Framework, NIST CSF, and Zero Trust principles. • Recommend Azure Security Policies: • Recommend security baselines and Azure Policy definitions for security hardening. • Identify and suggest policy initiatives (built-in and custom). • Design CrowdStrike Cloud Sensors and Connectors: • Assist with architecture and deployment planning for CrowdStrike sensors or connectors to enable real-time visibility and protection of cloud workloads, containers, and other Azure systems. • Validate the Azure and Defender Ecosystem: • Ensure CrowdStrike integrates effectively with Azure native tools such as Microsoft Defender for Cloud and Sentinel for event correlation, alerting, and incident response. • Policy and Configuration Review: • Review and recommend CrowdStrike policies to align with cloud security best practices (e.g., runtime protection, vulnerability detection, identity protection). • Enable Continuous Monitoring and Alerts: • Recommend dashboards, alert thresholds, and define escalation paths for cloud-specific threat detections within the CrowdStrike console. • Knowledge Transfer and Documentation: • Provide documentation and a walkthrough on how to monitor, maintain, and respond to alerts generated by CrowdStrike within the Azure environment. • Review Firewall Rules and NSGs • Analyze Firewall and Network Security Group (NSG) configurations. • Identify overly permissive rules or potential misconfigurations. • Recommend remediation and segmentation improvements. • Role-Based Access Control (RBAC) • Evaluate existing RBAC assignments for “least privilege” adherence. • Identify use of overly broad role assignments. • Recommend custom roles where applicable. • Privileged Identity Management (PIM) • Review implementation of Azure AD PIM. • Validate configuration of just-in-time (JIT) access and approval workflows. • Ensure administrative access is limited and monitored. • Review Remote Access Methods: • Assess all methods used to access Azure and connected resources remotely (e.g., VPN, Bastion, Just-in-Time VM access, remote desktop protocols, Azure Arc). • Confirm that remote access events are being logged, retained, and monitored within Sentinel or other SIEM tools. • Validate alerting for unusual access behavior. • Microsoft Defender for Cloud • Review Defender for Cloud configuration and coverage. • Validate security recommendations and assess secure score posture. • Ensure threat protection capabilities are appropriately enabled. • Network Security • Analyze Virtual Network (VNet) configurations and peering. • Review ExpressRoute, VPN Gateways, and perimeter controls. • Assess segmentation and network-level threat protection. • Key Vault and Secrets Management • Assess Azure Key Vault access policies, RBAC integration, and use of managed identities. • Review expiration, rotation policies, and audit logging. • Vulnerability Management • Evaluate available vulnerability scanning tools and make recommendations on the future state. • Review patch management practices and reporting. • Resource Configuration Drift • Analyze tools or scripts in place to detect drift from desired configurations. • Recommend remediation and alerting mechanisms. • Backups and Site Recovery • Review backup policies and configurations. • Evaluate replication and disaster recovery strategies for critical workloads. • Log Collection and Alerting • Review diagnostic log collection configurations. • Validate log retention policies and storage accounts. • Review alert rules and action groups for completeness and relevance. • Azure Sentinel Integration • Assess Azure Sentinel deployment and data connector coverage. • Review workbook, analytic rule, and incident configurations. • Validate SOAR (automation) playbooks and alert tuning. • SQL and Azure Database Security • Verify that transparent data encryption (TDE), threat detection, auditing, and firewall settings are properly configured for all SQL and PaaS database resources. • Evaluate access control and use of Private Endpoints. • CI/CD Pipeline Security • Review Azure DevOps or GitHub-based CI/CD pipelines. • Assess identity use, secrets management, and security scanning in pipelines. • Recommend improvements for code-to-cloud traceability and shift-left security. Pay rate: $80-$95/hour Link Technologies is an equal opportunity employer. All qualified applicants will receive consideration for employment without discrimination based on race, color, religion, sex, gender identity/expression, sexual orientation, national origin, protected veteran status, disability, or any other factors protected by law. Job Type: Contract Pay: $80.00 - $95.00 per hour Benefits: • Dental insurance • Health insurance • Vision insurance Work Location: In person

Requirements