Cloud and Security SME

DMX Tech Services

Design, implement, and maintain Cloud and Network Security architectures across Azure, AWS, and hybrid datacenter environments, aligned to Zero Trust, Well-Architected Frameworks, and enterprise security standards.

• Deploy, monitor, and optimize Firewall, WAF, L7/L4 Load Balancers, API Gateways, Bot & DDoS Protection, Secure Web Gateways, and other network security controls across cloud and on-prem infrastructure.
• Implement and support Secure Connectivity patterns including Site-to-Site VPNs, SD-WAN, Remote Access VPNs, MPLS, ExpressRoute / Direct Connect, VNet/VPC Peering, Private Endpoints, Service Endpoints, and Hybrid DNS strategies.
• Provide L3 operational support for Firewalls (NGFW), WAF, Bot management, DDoS appliances / cloud-native protection, IPS/IDS, API Security platforms, Privileged Access Management, Endpoint Security, and SIEM/SOAR-integrated network platforms.
• Operate and enhance cloud-native network security controls such as Azure Firewall, Application Gateway, Front Door, Network Security Groups (NSGs), Private Link, Traffic Manager, Route Tables, Azure DDOS Protection, Network Watcher, and equivalents in AWS / GCP.
• Implement and manage SASE and Zero Trust Network Access (ZTNA) solutions to secure remote and distributed workforce connectivity, ensuring least-privilege network access.
• Adopt Security-as-Code / Infrastructure-as-Code practices using tools such as Terraform, Bicep, ARM Templates, Ansible, and CI/CD pipelines for repeatable, auditable, and compliant network deployments.
• Utilize Cloud Security Platforms including CNAPP / CSPM / CWPP / CASB (e.g., Prisma Cloud, Defender for Cloud, Wiz, Lacework) to enforce policy, detect posture drift, and automate remediation of security misconfigurations.
• Ensure API Security posture using API gateways, schema validation, threat protection, runtime behavior monitoring, and integration with CI/CD governance.
• Collaborate with Enterprise Architecture, Security Engineering, and Cloud Platform teams to review and approve cloud network designs, ensuring adherence to governance, segmentation, encryption, and isolation requirements.
• Assist in the design and deployment of Cloud Landing Zones, Hub-Spoke network models, regional failover architectures, identity-aware proxying, and secure service mesh communications as needed.
• Perform proactive and reactive system upgrades, lifecycle patching, incident response, vulnerability mitigation, and participate in On-Call rotations where required, following change control processes.
• Manage vendor and OEM escalations, technical support engagements, RCA follow-up, and ensure SLA-bound service continuity.
• Create, update, and maintain architecture diagrams, SOPs, runbooks, configuration baselines, and operational knowledge base articles to ensure ongoing platform maintainability and support readiness.

Familiarity with SIEM/SOAR operations and security incident response processes