Job Description
A customer of Insight Global is looking to hire an Azure Network Security Consultant to come onboard!
In this role, you will help a large organization stand up and secure a brand-new Azure public cloud environment, supporting the design and rollout of a hub-and-spoke landing zone and the network/security foundation that enables workloads to operate safely. You’ll partner closely with cloud, security, and infrastructure stakeholders to implement enterprise-grade controls across connectivity, segmentation, routing, and threat protection in Azure and hybrid environments. The ideal candidate is comfortable advising on best-practice architecture while also hands-on implementing services like WAF, DDoS protection, firewalling, and private connectivity. Strong verbal and written communication skills are essential, as you’ll translate technical decisions into clear guidance and documentation for varied audiences. If you believe you are the right fit for the role, we welcome you to apply!
OVERVIEW:
This position focuses on building and securing Azure network infrastructure for a newly established cloud environment, including hybrid connectivity to on-prem and end-to-end network security controls. You will design and implement protections such as Azure WAF aligned to OWASP Top 10 risks, DDoS protection, segmentation strategies, and traffic filtering using native Azure capabilities (and may evaluate third-party firewall options). You will also support routing and connectivity patterns (local and global), private access patterns (Private Link/Private DNS), and network observability improvements. Excellent verbal and written communication skills are required to collaborate with cross-functional teams, document architectures, and clearly explain tradeoffs and decisions. If you believe you are the right fit for the role, we welcome you to apply!
DAY-TO-DAY RESPONSIBILITIES:
-Partner with cloud/security stakeholders to design and implement Azure network security strategy for a new landing zone (hub-and-spoke).
-Configure and harden Azure Web Application Firewall (WAF) policies aligned to OWASP Top 10, including tuning rules and validating coverage.
-Design and implement Azure DDoS protection and associated monitoring/alerting for cloud resources and critical endpoints.
-Build and optimize network segmentation and traffic filtering using Network Security Groups (NSGs), Application Security Groups (ASGs), and Azure Firewall (or comparable firewall services).
-Establish resilient hybrid connectivity (VPN with redundancy and/or ExpressRoute), including routing tables and private connectivity patterns.
-Implement application and workload routing: Azure Load Balancer, Application Gateway, and global routing solutions (Front Door/Traffic Manager) as needed.
Configure Private Link, Private Link Services, and Private DNS to enable secure private access between on-prem, Azure, and cloud workloads.
-Improve network observability by implementing and optimizing Azure Network Watcher (flow logs, connectivity checks, packet capture) and operational runbooks.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
MUST-HAVES (ABSOLUTE REQUIREMENTS):
-Azure Networking (5+ years): Hands-on design/implementation of Azure VNets, subnets, routing (UDRs), peering, and hub-and-spoke architectures.
-Hybrid Connectivity (3+ years): Azure VPN Gateway (active/active or redundant designs) and/or Azure ExpressRoute, including BGP/routing concepts and private connectivity patterns.
-Network Security Controls (3+ years): NSGs/ASGs plus Azure Firewall (rules, policies, DNAT/SNAT, threat-intel mode) and segmentation best practices.
-Web App Protection (3+ years): Azure WAF (often via Application Gateway WAF) with policy creation, tuning, and OWASP Top 10 alignment.
-DDoS Protection (2+ years): Azure DDoS Protection Standard design, onboarding resources, and implementing monitoring/response procedures.
-Private Access Patterns (2+ years): Private Link/Private Endpoints and Private DNS zones, including name resolution strategy across hybrid networks.
-Network Observability (2+ years): Azure Network Watcher, NSG flow logs, diagnostics, and troubleshooting connectivity/performance issues end-to-end
Nice to Have Skills & Experience
Compensation: $30/hr to $40/hr
**Exact compensation may vary based on several factors, including skills, experience, and education.
Employees in this role will enjoy a comprehensive benefits package starting on day one of employment, including options for medical, dental, and vision insurance. Eligibility to enroll in the 401(k) retirement plan begins after 90 days of employment. Additionally, employees in this role will have access to paid sick leave and other paid time off benefits as required under the applicable law of the worksite location.
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.