
Network Segmentation Engineer - MS Azure & Defender

Post Date

May 15, 2025

Location

Tuckahoe, Virginia

ZIP/Postal Code

23226
US
Sep 23, 2025 Insight Global

Job Type

Contract

Category

Network Engineer

Req #

RIC-782950

Pay Rate

$64 - $80 (hourly estimate)

Job Description

Job Summary:
We are seeking a skilled and detail-oriented Network Segmentation Engineer with expertise in Microsoft Azure Infrastructure-as-a-Service (IaaS) and Microsoft Defender to join our growing IT Security team. The ideal candidate will be responsible for designing, implementing, and managing network segmentation strategies within Azure environments, while leveraging MS Defender to enhance security posture. You will play a key role in ensuring that the cloud network infrastructure is secure, scalable, and compliant, using advanced segmentation techniques to reduce attack surfaces and prevent lateral movement in the network.
Key Responsibilities:
Azure Network Segmentation Design & Implementation:
o Design, implement, and manage network segmentation strategies within Azure IaaS to improve security, performance, and compliance across cloud environments.
o Create and maintain Virtual Networks (VNets), Subnets, Network Security Groups (NSGs), and Application Security Groups (ASGs) to segment resources and isolate critical workloads in Azure.
o Work with other teams to design and implement network segmentation policies that adhere to security best practices and meet regulatory requirements.
Security Integration with MS Defender:
o Leverage Microsoft Defender for Cloud and Microsoft Defender for Endpoint to enforce and monitor security policies on segmented networks.
o Implement and configure security controls and alerts within MS Defender to identify, monitor, and mitigate vulnerabilities and threats within Azure environments.
o Develop and maintain security baseline configurations for Azure IaaS resources using MS Defender and Azure Security Center.
o Collaborate with security teams to integrate MS Defender with other security solutions and incident response workflows to improve cloud security posture.
Automation and Orchestration:
o Utilize automation tools such as Azure Resource Manager (ARM) templates, Ansible, or PowerShell to deploy and manage network segmentation and security configurations at scale.
o Develop and maintain scripts or automation workflows to enforce segmentation policies and integrate MS Defender for proactive monitoring and incident response.
Performance Monitoring and Optimization:
o Continuously monitor the performance and security of network segments within Azure using Azure Monitor, Microsoft Defender, and other cloud-native monitoring tools.
o Identify areas for optimization, security hardening, and potential bottlenecks in segmented network traffic.
o Work closely with cloud engineering and security teams to resolve network issues and improve overall network efficiency and protection.
Security & Compliance:
o Ensure all network segmentation designs meet industry-specific security standards and compliance requirements, including NIST, HIPAA, and GDPR.
o Collaborate with compliance teams to conduct regular security audits and risk assessments within Azure environments to maintain compliance.
o Implement micro-segmentation techniques within Azure to limit the blast radius of potential security incidents and reduce the attack surface.
Documentation & Reporting:
o Maintain accurate documentation for all network segmentation configurations, security policies, and procedures.
o Produce regular reports on network segmentation health, security postures, and MS Defender alerts to inform stakeholders and ensure continuous improvement.

Pay range: $60-$90/HR

We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to Human Resources Request Form. The EEOC "Know Your Rights" Poster is available here.

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Required Skills & Experience

Education:
o Bachelor's degree in Computer Science, Information Technology, Network Engineering, or a related field. Relevant certifications may be considered in lieu of formal education.
Experience:
o At least 5 years of experience in network engineering or IT security, with a focus on cloud environments, particularly Microsoft Azure IaaS.
o Proven experience implementing and managing network segmentation within Azure, including VNets, Subnets, NSGs, ASGs, and other Azure networking components.
o Hands-on experience with Microsoft Defender for Cloud, Microsoft Defender for Endpoint, and other Azure security tools.
o Strong understanding of cloud security best practices, including securing resources in IaaS environments and using tools to enhance security and monitoring.
Certifications (Preferred):
o Microsoft Certified: Azure Solutions Architect Expert.
o Microsoft Certified: Azure Security Engineer Associate.
o Microsoft Certified: Azure Fundamentals.
o Microsoft Certified: Security, Compliance, and Identity Fundamentals.
o CompTIA Security+, Certified Information Systems Security Professional (CISSP), or equivalent security certifications.
Skills and Abilities:
o Expertise in Microsoft Azure networking and security features, including VNets, Subnets, NSGs, and ASGs.
o Proficient in Microsoft Defender for Cloud and other Azure security tools, with the ability to configure and manage policies, alerts, and incident response.
o Hands-on experience with cloud automation tools (e.g., ARM templates, PowerShell, Ansible) to manage cloud resources and network segmentation.
o Strong understanding of network security concepts, including micro-segmentation, access control, and zero-trust architectures.
o Knowledge of cloud security frameworks and best practices, such as the CIS Benchmarks for Azure.
o Ability to troubleshoot network issues and security alerts in Azure and provide solutions that improve security and performance.
o Excellent communication and documentation skills to collaborate effectively with cross-functional teams.

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.