Security Architect- R01560184

Brillio is one of the fastest growing digital technology service providers and a partner of choice for many Fortune 1000 companies seeking to turn disruption into a competitive advantage through innovative digital adoption. Brillio, renowned for its world-class professionals, referred to as "Brillians", distinguishes itself through their capacity to seamlessly integrate cutting-edge digital and design thinking skills with an unwavering dedication to client satisfaction.

Brillio takes pride in its status as an employer of choice, consistently attracting the most exceptional and talented individuals due to its unwavering emphasis on contemporary, groundbreaking technologies, and exclusive digital projects. Brillio's relentless commitment to providing an exceptional experience to its Brillians and nurturing their full potential consistently garners them the Great Place to Work® certification year after year.

Job Description:

This role is meant for someone who can own security remediation end-to-end across a complex Azure ecosystem. You’ll handle vulnerabilities across infrastructure, applications, AKS, containers, data platforms, and core Azure services. Expect to engage directly with senior client leaders, guide engineering teams, and shape the client’s overall security maturity.

Lead vulnerability remediation across a wide set of Azure and hybrid platforms including

o   Azure VMs (Windows/Linux)

o   AKS clusters, node pools, and container registries

o   App Services, Function Apps, Logic Apps

o   Storage Accounts, Databases, Key Vaults, Networking

o   Container images (ACR) and CI/CD pipelines.

·       Review and guide fixes code-related vulnerabilities (SAST/DAST results, secrets, insecure dependencies).

·       Build detailed hardening guides covering OS, Azure services, Kubernetes, networks, and identity layers.

·       Work closely with infra, DevOps, SRE, and app teams to implement hardening recommendations in a structured, repeatable way.

·       Drive large-scale backlog remediation—prioritize issues, define workflows, and ensure real progress week over week.

·       Provide industry-standard best practices to uplift the client’s overall security maturity, including cloud posture management, workload isolation, network security, identity hygiene, and governance.

·       Host daily client calls to walk through status, blockers, upcoming remediation tasks, and architectural considerations.

·       Document architecture gaps, remediation approaches, compliance alignment, and long-term improvement plans.

·       Act as senior advisor and escalation point for all security remediation streams.

·       Coach and mentor teams executing remediation to ensure consistency and quality.

·       12–15+ years of combined experience in security architecture, cloud security, infrastructure security, or application security.

·       Deep hands-on experience with Azure security across:

o   Compute (VMs, VMSS)

o   Containers (AKS, ACR)

o   PaaS services (App Services, Function Apps, API Management)

o   Identity & Access (Azure AD/Entra ID, Managed Identities, RBAC)

o   Networking security (NSGs, ASGs, WAF, Private Endpoints, Firewall)

o   Data security (Key Vault, Storage, SQL, CosmosDB)

o   Defender for Cloud and Azure Policy

·       Strong exposure to Windows and Linux hardening.

·       Ability to drive remediation across infrastructure, application layers, and cloud-native services.

·       Strong architectural understanding of how vulnerabilities originate, how they propagate across cloud resources, and how to design long-term fixes.

·       Experience resolving complex remediation backlogs in enterprise-scale environments.

·       Excellent communication skills and confidence to lead daily discussions with senior client stakeholders.

·       Strong documentation skills—ability to create clear hardening guides, runbooks, architectural diagrams, and remediation plans.

·       Wiz (CSPM/CNAPP)

·       ServiceNow (ticketing, workflows, reporting)

·       Azure Portal, Azure CLI, ARM/Bicep familiarity

·       Linux (RHEL/Ubuntu) and Windows Server environments

·       Optionally: Defender for Cloud, GitHub Advanced Security, Qualys, Aqua/Prisma, or equivalent.

Certifications: CISSP, CCSP, AZ-500, AZ-305, CKA/CKS.

Experience with IaC hardening (Terraform/Bicep) and DevSecOps practices.

Background n threat modeling, architecture risk reviews, or cloud governance.

As Brillio continues to gain momentum as a trusted partner for our clients in their digital transformation journey, we strive to set new benchmarks for speed and value creation. The DI team at Brillio is at the forefront of leading this charge by reimagining and executing how we structure, sell and deliver our services to better serve our clients.

DI: https://www.brillio.com/services-digital-infrastructure/

Know what it’s like to work and grow at Brillio: https://www.brillio.com/join-us/

Brillio is an equal opportunity employer to all, regardless of age, ancestry, colour, disability (mental and physical), exercising the right to family care and medical leave, gender, gender expression, gender identity, genetic information, marital status, medical condition, military or veteran status, national origin, political affiliation, race, religious creed, sex (includes pregnancy, childbirth, breastfeeding, and related medical conditions), and sexual orientation.

#LI-MN1

Know what it’s like to work and grow at Brillio: Click here