As a Senior Cloud Security Consultant, you will play a key role in shaping and securing cloud environments across Azure and Microsoft 365. Your work will focus on evaluating security posture, defining strategic roadmaps, and implementing robust controls that align with industry standards and regulatory requirements.
Key Responsibilities
- Evaluate cloud security configurations against recognized frameworks such as CIS, NIST, ISO 27001, and Microsoft-specific benchmarks
- Develop and maintain comprehensive cloud security policies, standards, and governance controls tailored to Azure and M365
- Design and implement Microsoft Entra ID solutions, including identity lifecycle management, conditional access, and multi-factor authentication
- Configure and optimize Conditional Access policies with risk-based rules and device compliance integrations using Intune or Endpoint Manager
- Deploy and manage Privileged Identity Management (PIM) for just-in-time access, emergency break-glass accounts, and role activation workflows
- Integrate on-premises identity systems securely with cloud environments, including hardened federation setups
- Build secure cloud landing zones using infrastructure-as-code tools like Bicep, Terraform, or Azure Blueprints
- Enforce security baselines for networking, compute, and storage through policy controls and resource tagging
- Manage secrets, keys, and certificates using Azure Key Vault with role-based access and purge protection enabled
- Implement workload segmentation, managed identities, and resource locks to minimize attack surfaces
- Deploy and fine-tune Microsoft Defender for Cloud and its suite of protections, including Defender for Endpoint, Cloud Apps (MCAS), and Identity
- Configure Microsoft Sentinel with data connectors, analytics rules, UEBA, watchlists, workbooks, and automated playbooks via Logic Apps
- Develop detection logic using KQL, conduct threat hunting, and create incident response runbooks specific to cloud threats
- Establish alert triage processes, escalation paths, and continuous tuning to improve detection and response efficiency
- Manage data governance and compliance using Microsoft Purview, including DLP, sensitivity labeling, and insider risk policies
- Secure Exchange Online, SharePoint, OneDrive, and Teams with anti-phishing, safe links, and attachment filtering
- Enforce device compliance and app protection policies through Intune and conditional access for both corporate and personal devices
- Design secure collaboration workflows using sensitivity labels, access reviews, and entitlement management
- Implement data classification strategies and enforce DLP across endpoints and cloud services
- Ensure encryption at rest and in transit, including customer-managed keys and double encryption where applicable
- Support eDiscovery, legal hold, and audit logging to meet regulatory obligations
Qualifications
You must be a citizen of one of the 32 NATO member states. A minimum of 2–3 years of hands-on experience in securing Azure or Microsoft 365 environments is required. You should have demonstrated expertise with Microsoft cloud security tools, including Entra ID, Microsoft Sentinel, Defender suite, Intune, and Purview.
Familiarity with cloud security best practices and frameworks such as CIS Benchmarks or the Microsoft Cloud Security Benchmark is essential. Strong written and verbal communication skills are expected, along with the ability to produce clear documentation and reports.
Relevant Microsoft certifications such as AZ-104, AZ-500, SC-900, SC-200, SC-300, or SC-401 are required. A bachelor’s degree in Computer Science, Cybersecurity, or a related field is preferred. Consulting experience, vendor-neutral security certifications (e.g., SSCP, CompTIA Security+), and scripting skills in PowerShell or Python are advantageous.
Work Environment
This role operates in a hybrid setup with flexible hours, remote work options, and the possibility to work from abroad. You’ll benefit from a dynamic, agile culture that values innovation, personal growth, and collaboration.
Benefits
- 10,000€ training budget and 10 training days every two years
- Company car with Belgian fuel card
- Access to expert mentors and industry-recognized trainers, including SANS instructors
- Support for achieving advanced technical certifications (e.g., GSE, GXPN, GREM, GCFA, OSCP)
- Regular team-building and social events
- Personal coaching for career development and well-being
- Flexible income plan
- 32 paid leave days per year
