Azure Security Lead

Position Overview

We are seeking an experienced Azure Security Lead to join our team in Sofia, Europe. This role will be responsible for designing, implementing, and maintaining robust security frameworks across our Azure cloud infrastructure. The successful candidate will lead security initiatives, ensure compliance with industry standards, and drive best practices for cloud security across the organisation.

Key Responsibilities

Security Architecture & Strategy

• Design and implement comprehensive Azure security architectures and frameworks
• Develop and maintain cloud security policies, procedures, and standards
• Lead security assessments and risk analysis for Azure environments
• Create and execute security roadmaps aligned with business objectives

Microsoft Security Stack Implementation

• Configure and manage Microsoft Defender for Cloud, Microsoft Defender for Endpoint, and Microsoft Sentinel
• Implement and optimise Microsoft 365 Defender suite (Defender for Office 365, Identity, Endpoint)
• Deploy and manage Microsoft Purview for data governance, compliance, and information protection
• Design Azure Active Directory/Entra ID architecture including Conditional Access and Identity Governance
• Implement Microsoft Defender for Enterprise (DfE) across the organization
• Configure Data Loss Prevention (DLP) policies and sensitivity labels in Purview
• Manage Azure Key Vault, certificate management, and encryption strategies
• Work with SOC and our Managed Sentinel Service Provider

Compliance & Governance

• Ensure compliance with industry standards (ISO 27001, SOC 2, GDPR, NIS2, etc.)
• Implement Microsoft Compliance Manager and Compliance Score optimisation
• Manage Microsoft Purview Audit, eDiscovery, and Advanced eDiscovery solutions
• Develop and maintain security governance frameworks using Microsoft tools
• Configure insider risk management and communication compliance policies
• Conduct security audits and vulnerability assessments using Microsoft security tools
• Lead on Secure Score compliance and changes
• Manage compliance reporting and documentation through Microsoft Purview

Team Leadership & Collaboration

• Lead and mentor security team members
• Collaborate with DevOps, infrastructure, and development teams
• Provide security guidance and training to technical teams
• Interface with stakeholders and executive leadership on security matters

Incident Response & Monitoring

• Design and implement security monitoring and alerting systems
• Lead incident response activities and post-incident reviews
• Develop and maintain disaster recovery and business continuity plans
• Establish security metrics and KPIs

Education & Experience

• Bachelor's degree in Computer Science, Information Security, or related field
• 5+ years of experience in cloud security, with 3+ years specifically in Azure
• 2+ years in a leadership or senior technical role

Technical Skills (General)

• Expert knowledge of Microsoft security ecosystem: Azure, M365, Defender suite, and Purview
• Deep expertise in Microsoft Defender for Enterprise (DfE), Defender for Cloud, and Defender for Endpoint
• Advanced proficiency with Microsoft Purview for data governance, compliance, and information protection
• Strong experience with Microsoft 365 security stack including Defender for Office 365 and Identity
• Expert-level Azure Active Directory/Entra ID including Conditional Access and Identity Governance
• Experience with Microsoft Sentinel for SIEM/SOAR capabilities and security orchestration
• Proficiency with Privileged Identity Management (PIM) and Privileged Access Management (PAM)
• Knowledge of Microsoft Information Protection (MIP) and Azure Information Protection (AIP)
• Experience with Microsoft Defender for Cloud Apps and Cloud App Security policies
• Understanding of Zero Trust architecture implementation using Microsoft technologies
• Proficiency in PowerShell, Microsoft Graph API, and Microsoft security automation
• Knowledge of Microsoft compliance solutions and regulatory frameworks (GDPR, NIS2, ISO 27001, SOC 2)
• Experience with Microsoft Intune for device management and mobile application management
• Understanding of Azure Network Security Groups, Application Security Groups, and Azure Firewall
• Knowledge of Microsoft Defender for Business and Enterprise deployment at scale
• Experience with Microsoft Intune and Endpoint Manager for device compliance
• Understanding of Microsoft Viva suite security implications
• Previous experience with large-scale Microsoft Defender Suite implementations
• Experience with Microsoft partner security tools integration (SIEM/SOAR connectors)

Certifications (Required)

• Microsoft Certified: Cybersecurity Architect Expert (SC-100)

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Microsoft 365 Certified: Security Administrator Associate (MS-500)
• One or more of: Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900), Microsoft Certified: Information Protection Administrator Associate (SC-400)

Certifications (Desirable)

• CISSP, CISM, CCSP, or equivalent security certification

Soft Skills

• Strong leadership and team management capabilities
• Excellent communication and presentation skills
• Ability to translate technical concepts to business stakeholders
• Problem-solving and analytical thinking
• Project management experience

What We Offer

• Competitive salary commensurate with experience
• Professional development opportunities and certification support
• Flexible working arrangements and remote work options
• Modern office environment in Sofia city centre
• International team collaboration and career growth opportunities
• Annual training and conference budget

Location & Work Arrangement

• Primary location: Sofia, Bulgaria
• Hybrid work model with flexible office attendance
• Occasional travel for team meetings and conferences
• EU work authorisation required

• Annual Leave
• 22 days per calendar year (and all local bank holidays)
• An additional day off for your birthday
• Wellness and Care Leave
• Up to 5 days for self-care or wellness
• Volunteer Day
• 1 day off to support a charity of your choice
• Share With Scheme
• Eligible employees receive a share in a qualifying event
• Therapy Sessions
• 50% contribution towards therapy sessions, up to BGN 90 per session
• Lunch & Learns
• Events held throughout the year with educational or informative topics
• Charity Matching Days
• Company matches charity sponsorships up to 3500 BGN
• Hybrid Working
• 3 days in the office, 2 days working from home
• Multisport
• 50% contribution from the employer, 50% from employee
• State Benefits
• Pension & health provision
• Family-friendly policy
• Office Facilities
• Contemporary office space
• Free Onsite gym
• Address: 51, "Cherni vrah" Blvd, 1407 Sofia, WorkBetter Coworking space
• Employee Assistance Programme (EAP)
• 24-hour confidential health assistance via TelusHealth, including:
• Counselling support
• Financial wellbeing
• Bereavement support
• Legal information
• Medical information
• Refer a Friend
• BGN 1,200 reward for successful referral
• Hardship Fund
• Financial assistance repayable with low interest over 3, 6, or 12 months
• Learn With Us
• Access to a learning platform with over 80,000 free course