Role summary/purpose of job

We are seeking a passionate Cloud Security Specialist with hands-on experience in administering all aspects of Azure, M365, and Google Cloud Platforms (GCP). The role focuses on assessing cloud security configurations and advising on security best practices across Azure IaaS and GCP environments. The ideal candidate will have a strong engineering background in managing compute and network resources and extensive experience with terraform, Azure Defender, Conditional Access, and DevSecOps.

Department

Formed in 2014 the Information Security Group (ISG) focuses on delivering operational and strategic information and cyber security. The group is independent of IT. Operationally the group is overseen by the Information Security Committee (ISC) and Conduct and Risk Committee (CRC). The global chief information security officer reports into the firm’s General Counsel. 

ISG’s team is based equally across the firm’s London and Manchester offices.

Our services are delivered in a way which supports the global nature of our firm and our clients, enables our fee earners to deliver exceptional service to our clients and to do that in a way which is efficient and effective.

Key responsibilities and deliverables

Key Responsibilities:

• Cloud Security Assessment & Advisory:

  • Assess the security configurations of Azure IaaS and Google Cloud environments, including infrastructure, containers, and DevOps pipelines.

  • Provide recommendations based on industry best practices and emerging security threats.

  • The ability to design, implement, and manage Azure cloud infrastructure, including virtual networks, virtual machines, storage, and identity services.

  • The ability to provide Cyber Incident Responders subject matter expertise in Cloud security when required.

  • Must be fluent in assessing terraform scripts and identity security issues in deployments.

• Hands-On Azure Security Management:

  • Administer all aspects of Azure security environments, including IaaS, container security (e.g., AKS), and DevOps pipelines.

  • Implement, review, and advise on security controls for cloud-native applications and services, ensuring alignment with security policies.

• Terraform & Automation Advisory:

  • Review Terraform-based infrastructure code to identify potential security risks and weaknesses.

  • Provide recommendations for securing automated infrastructure provisioning processes.

• Defender & Security Monitoring Advisory:

  • Evaluate and optimise the use of Azure Defender and other security monitoring tools in Azure and Google Cloud.

  • Offer guidance on improving threat detection, monitoring, and response for cloud-based resources.

• Access Control & Conditional Access:

  • Assess and improve Conditional Access policies and identity management strategies, enforcing zero trust and least privilege principles.

  • Provide expert advice on configuring and managing identity and access management (IAM) solutions for secure cloud environments.

• DevSecOps & Container Security:

  • Conduct assessments of security practices in DevSecOps environments and pipelines.

  • Offer guidance on integrating security into CI/CD pipelines and ensuring infrastructure and application security.

• Compliance & Governance:

  • Ensure cloud environments meet regulatory and internal governance requirements.

  • Conduct periodic security audits and risk assessments, offering actionable recommendations.

• Collaboration & Thought Leadership:

  • Collaborate with cloud infrastructure, DevOps, Networks, and development teams to align security efforts with operational goals.

  • Serve as a thought leader, advocating for innovative security solutions and continuous improvement across the organization.

Key requirements

Experience:

• Cloud security, focusing on Azure IaaS and Google Cloud.

• Hands-on experience administering Azure security environments, including IaaS, containers (e.g., AKS), and DevOps pipelines.

• Strong background in administering compute, network, and storage resources in cloud and hybrid environments.

• Proficient in Terraform and infrastructure-as-code best practices.

• Extensive experience with Azure services,  Defender, Conditional Access, and security tools in Google Cloud.

Certifications:

• Relevant cloud and security certifications (e.g., Azure Security Engineer, Google Professional Cloud Security Engineer) are a plus.

Competencies

• A commitment to the highest level of integrity;

• Demonstrates an empathetic approach when dealing with others;

• A diplomatic and adaptable team working style and works collaboratively with colleagues;

• Able to delegate and deliver work through others;

• Able to resolve complex problems taking a proactive approach to analyse the issues and generate solutions. A determination to see a problem through to a solution;

• Actively manages personal learning and development;

• Decisive and mature in judgement;

• Excellent customer service skills with a helpful and responsive approach;

• Excellent organisational and time management skills with the ability to manage tasks efficiently;

• Excellent presentation skills with the ability to pitch new ideas clearly and inspire confidence;

• Excellent resource allocation and planning ability;

• Flexibility in approach and an ability to manage through change;

• Identifies and communicates opportunities to improve the way that work is done;

• Motivated, results and delivery focused with a commitment to quality of work and attention to detail;

• Resilient and calm under pressure;

• Takes ownership of tasks and is dedicated to meeting and exceeding expectations;

• Takes a consulting approach and can build strong working relationships at all levels.

Inclusion

Freshfields is an equal opportunities employer and all applications received by the firm will be considered based on their merit alone and we welcome applications from all suitably qualified individuals regardless of background. All offers of employment will be conditional on the candidate having/securing the right to work in the UK and providing the firm with evidence of that right (as required by the Immigration, Asylum and Nationality Act 2006) prior to employment commencing.

Freshfields is a Ban the Box employer. We ask applicants to disclose criminal convictions only when a conditional job offer is made. A conviction does not automatically lead to withdrawal of the offer: we make decisions on a case-by-case basis and take a number of factors into account (e.g. the role you are applying for and the circumstances of the offence). You would have the opportunity to discuss the matter with us before we make a decision.