Senior Cloud Security Consultant

Overview

NVISO protects European society from potentially devastating cyber attacks by offering cyber security services to private and governmental organisations. Our mission is to help them better prepare for, prevent, detect and respond to cyber security incidents.

We are proud, break barriers, care and no BS.

Responsibilities

You will be joining NVISO’s Cloud Security team as a Cloud Security (Sr.) Consultant. The ideal candidate has knowledge in Azure or Microsoft 365 cloud services, with a particular focus on security.

Key Tasks

Strategy and Governance

• Assess cloud security posture against frameworks (CIS, NIST, ISO 27001, Microsoft Azure Security Benchmark, M365 baseline).
• Define cloud security strategy, target operating model and roadmap aligned to business and regulatory requirements.
• Develop and maintain cloud security policies, standards and guardrails for Azure and M365.

Identity and Access Management (IAM)

• Design and implement Microsoft Entra tenant architecture, identity lifecycle, conditional access and MFA.
• Implement and tune Conditional Access policies, risk‑based access and device compliance integrations with Intune/Endpoint Manager.
• Deploy and operate Privileged Access Management (PAM), including PIM for Azure and M365 roles, just‑in‑time access and break‑glass accounts.
• Integrate on‑premises identities (hybrid) with secure sync and hardening of federation where used.

Platform Security and Hardening (Azure)

• Build secure landing zones using Azure Policy, Blueprints/Bicep/Terraform and management groups.
• Enforce baseline controls for networking (NSGs, Azure Firewall, Private Link), compute (secure images, patching) and storage (encryption, private endpoints).
• Configure Azure Key Vault for secrets, keys and certificates management with RBAC and purge protection.
• Implement workload isolation, tagging and resource locks; manage identity‑based access (managed identities).

Threat Protection and Monitoring

• Deploy and tune Microsoft Defender for Cloud, Defender for Cloud Apps (MCAS), Defender for Endpoint and Defender for Identity.
• Configure Microsoft Sentinel: data connectors, analytics rules, UEBA, watchlists, workbooks and SOAR playbooks (Logic Apps).
• Develop detection use cases, threat hunting queries (KQL) and incident response runbooks for Azure and M365 threats.
• Establish alert triage, escalation paths and continuous tuning to reduce noise and improve mean time to detect and respond.

Microsoft 365 Security

• Configure and manage Microsoft Purview for DLP, information protection labels, data lifecycle and insider risk.
• Implement Exchange Online, SharePoint, OneDrive and Teams security baselines, safe links/attachments and anti‑phishing policies.
• Enforce device compliance via Intune, app protection policies and conditional access for BYOD and corporate devices.
• Secure collaboration and external sharing with sensitivity labels, access reviews and entitlement management.

Data Protection and Encryption

• Design data classification and labelling strategies with Microsoft Purview; enforce DLP across endpoints, Exchange, SharePoint and Teams.
• Ensure encryption at rest and in transit, customer‑managed keys (CMK) and double encryption where required.
• Implement eDiscovery, legal hold and audit configurations for regulatory needs.

Requirements

• You hold citizenship in one of the 32 NATO member states.
• 2 to 3 years of experience in information security specific to Azure or Microsoft 365 cloud environments.
• Proven expertise with Microsoft’s cloud services, including Entra ID, Microsoft Sentinel and the Microsoft Defender family.
• Experience with cloud security best practices and related frameworks (CIS Benchmarks, Microsoft Cloud Security Benchmark, etc.).
• Strong communication, documentation and reporting skills.
• Relevant current Microsoft cloud certifications (AZ‑104, SC‑900, SC‑200, SC‑300, SC‑401, AZ‑500).

Preferred

• Bachelor’s degree in Computer Science, Cyber Security, Information Security, Engineering, Information Technology or related studies.
• Experience in consulting.
• Other vendor‑agnostic cybersecurity certifications (SSCP, CompTIA Security+ or equivalent).
• Experience with scripting languages such as PowerShell or Python.

Benefits

• Training budget of €10,000 and 10 days every 2 years.
• Company car and Belgian fuel card.
• Work and learn from leading European cyber security professionals, including multiple SANS instructors.
• Entrepreneurial and agile working environment encouraging new initiatives.
• Regular team‑building and fun events throughout the year.
• Personal coaching and career support within the team.
• Flexible working hours, work-from-home and possibility to work from abroad.
• Flex Income Plan.
• 32 paid leave days.