Azure Network Security Engineer
1 opening
About this role
Role Overview
We are looking for a hands-on Azure Network Security Engineer with strong experience in Azure VNets, Network Security
Groups, Application Security Groups, Azure Monitor, NSG Flow Logs, Terraform/Bicep, and network micro-segmentation.
The role will involve designing and implementing Azure network isolation, NSG/ASG-based segmentation, database micro-segmentation,
application segmentation, app-to-database segmentation, validation, rollout planning, and rollback documentation.
Exposure to Palo Alto on Azure, VM-Series, Cloud NGFW, Panorama, or centralized traffic inspection patterns will be
considered an added advantage, but it is not mandatory for this role.
Key Responsibilities
* Design the Azure network segmentation model using VNets, NSGs, and ASGs.
* Map Azure application-to-database communication flows.
* Prepare Azure HLD, LLD, ASG taxonomy, and traffic flow matrix.
* Implement NSG rules based on approved ASG membership and traffic matrix.
* Separate Prod, Dev, and Test environments using Azure-native controls.
* Configure NSG Flow Logs and Azure Monitor alerts.
* Implement database micro-segmentation for PostgreSQL and MSSQL workloads.
* Restrict DB ports such as 5432 and 1433 to authorized application workloads only.
* Implement application segmentation using ASGs and NSGs.
* Enforce app-to-database cross-segmentation rules.
* Validate NSG rules in Dev and Staging environments.
* Ensure the Azure segmentation model aligns with the agreed multi-cloud security model.
* Prepare test reports, rollout plan, rollback plan, and operational runbooks.
* Work with cloud, security, DevOps, and client stakeholders for approvals and signoffs.
Requirements
Experience: 6 – 10 Years
Mandatory Skills
* Strong hands-on experience in Azure VNet networking
* Strong experience with Network Security Groups
* Strong experience with Application Security Groups
* Experience in Azure network segmentation / micro-segmentation
* Experience with NSG Flow Logs
* Experience with Azure Monitor / Log Analytics
* Working knowledge of Terraform for Azure or Bicep
* Good understanding of PostgreSQL / MSSQL network access patterns
* Ability to create HLD, LLD, traffic matrix, test plan, rollout and rollback documents
Good to Have
* Palo Alto VM-Series / Cloud NGFW on Azure awareness
* Palo Alto Panorama / PAN-OS policy management exposure
* Experience with Azure traffic inspection patterns using UDRs, hub-spoke routing, firewall insertion, or centralized inspection
* GCP Secure Tags awareness
* Microsoft Azure Network Engineer certification
* Microsoft Azure Security Engineer certification
* Terraform Associate certification