Job ID: NY-85626Y0802 (916090711)
Hybrid/Local Azure Security Architect (Solutions Architect Expert/15+) with security/scalability/resilience/governance, VNets/subnets/NSGs/Firewall/WAF/CLI scripting, App Services/VMs/SQL/Key Vault, ISO/NIST, threat modeling, risk/vulnerability assessments, DevSecOps/CI/CD, PowerShell, IAM/Azure Entra ID/RBAC/MFA/PIM, Zero Trust, GitHub experience
Location: New York, NY (DEPARTMENT OF CITYWIDE ADMINISTRATIVE SERVICES)
Duration: 12 Months
MANDATORY SKILLS/EXPERIENCE
Note: Candidates who do not have mandatory skills will not be considered.
Extensive experience designing and implementing Azure cloud architecture across enterprise environments
Strong knowledge of Azure Well-Architected Framework and cloud best practices (security, scalability, resilience, governance)
Hands-on experience with Azure networking (VNets, subnets, NSGs, Azure Firewall, WAF, private endpoints)
Experience with Azure infrastructure provisioning (App Services, VMs, Storage, SQL, Key Vault etc.)
Strong expertise in Identity and Access Management (Azure Entra ID, RBAC, MFA, Conditional Access, PIM)
Solid understanding of Zero Trust security architecture and implementation
Experience implementing Azure Policy, governance controls, and security baselines
Knowledge of cloud security, threat modeling, and risk assessment practices
Familiarity with regulatory and compliance frameworks (ISO 27001, NIST, etc.)
Experience with DevSecOps practices and CI/CD security integration
Strong documentation skills (architecture diagrams, runbooks, technical documentation)
Excellent communication, stakeholder engagement, and collaboration skills
DESIRABLE SKILLS/EXPERIENCE:
PowerShell and Azure CLI scripting
Azure cost, GitHub Actions
Cost Management
Azure certifications:
o Azure Administrator Associate
o Azure Solutions Architect Expert
SPECIAL REQUIREMENTS:
Require off-hour support during production cutover or to troubleshoot, resolve critical issues
SCOPE OF SERVICES
The Azure Cloud Specialist will be responsible for designing and implementing a secure, scalable Azure cloud architecture across all environments, including defining subscription structure, resource organization, naming conventions, and tagging standards, as well as producing architecture diagrams aligned with the Azure WellArchitected Framework and organizational requirements. The Consultant will provision and configure core Azure infrastructure components, implement identity and access management (including RBAC, Azure Entra ID, MFA, Conditional Access, and PIM), and apply Zero Trust security principles in alignment with DCAS and OTI Cyber GRC standards. In addition, the Consultant will design and enforce cloud security controls, support governance and compliance activities (including Azure Policy, ISO 27001, and NIST alignment), perform risk and vulnerability assessments, integrate security into DevSecOps practices, and develop operational documentation and conduct knowledge transfer to ensure sustainable operations.
Description:
Azure Cloud Administration Specialist
The Azure Cloud Administration Specialist will design and architect solutions to implement a secure, scalable, and production-ready Azure cloud environment spanning multiple environments, including Development, QA, UAT, Staging, and Production. The role will support structured development, automated deployment using Azure DevOps and/or GitHub, testing, and secure application releases.
The solution will be built in alignment with the Azure Well-Architected Framework, ensuring strong governance, security, performance, cost optimization, and seamless integration across cloud and on-premises systems. The Azure Cloud Specialist will provide architectural leadership and hands-on expertise across design, implementation, and operational readiness.
Engaging experienced specialists will help reduce delivery risk, accelerate implementation timelines, ensure regulatory and organizational compliance, and provide long-term sustainability and operational stability of the cloud environment.
RESPONSIBILITIES:
Azure Architecture & Design
Design end-to-end Azure architecture across all environments.
Define subscription structure, resource groups, naming conventions, and tagging standards.
Design secure network topology (VNets, subnets, NSGs).
Produce architecture diagrams for stakeholder approval.
Ensure alignment with Azure Well-Architected Framework and best practices for security, scalability, resilience, and governance.
Infrastructure Provisioning
Provision and configure Azure resources (VNets, App Services, VMs, SQL, Storage, Key Vault).
Implement RBAC, Azure Policies, and governance controls.
Ensure environment readiness for Dev, Test, UAT, and Production.
Azure Kubernetes Service (AKS) provisioning and support
Validate connectivity and infrastructure configuration.
Apply Zero Trust principles aligned with DCAS and OTI Cyber GRC standards.
Security Architecture
Define Azure security strategy and secure cloud architecture.
Implement network security (NSGs, Firewall/WAF, private endpoints).
Conduct threat modeling, risk assessments, and security validation.
Ensure compliance with security and regulatory standards.
Identity & Access Management (IAM)
Configure Azure Entra ID integration and identity management.
Implement RBAC, MFA, Conditional Access, and PIM.
Manage Azure Key Vault and secrets protection.
Support data protection, classification, and DLP controls.
Coordinate with GRC teams for compliance.
Governance, Risk & Compliance
Implement Azure policies and security baselines.
Ensure compliance with ISO 27001, NIST, and related frameworks.
Conduct audits, vulnerability assessments, and remediation tracking.
DevSecOps & Documentation
Integrate security into CI/CD pipelines and perform security reviews.
Provide architecture guidance to engineering teams.
Develop runbooks, operational documentation, and architecture diagrams.
Conduct knowledge transfer to internal teams.
The consultant will ensure the applications are securely deployed, reliably operated, and scalable enough to handle public use while meeting strict government security and performance requirements.
