Job Title: Cloud Security Architect (Public Sector TX HHSC)
Client: TX HHSC
Visa: GC-EAD & EAD
Location: Austin, TX (Hybrid 2 Days Onsite: Mon & Thurs | Local Only)
Duration: 780 Hours (Through 08/31/2026) + Extensions
Rate: $70/hr on C2C
Must-Have Requirements (Strict Screening Criteria)
Public Sector / Government Experience (MANDATORY) Candidates without this will be rejected immediately
Client Domain Experience: Health & Human Services / Medicaid / Benefits / Pension Systems
Local to Texas (Within 50 Miles of Austin)
Strong ATS keyword alignment (Client uses AI-based resume screening tools)
Role Overview
The Cloud Security Architect will lead the design and implementation of secure, scalable, and compliant cloud architectures across cloud-native, microservices, and AI-driven platforms. This role is critical in enabling digital transformation, modernization, and Zero Trust adoption while ensuring compliance with state and federal security frameworks.
Technical Stack & Core Responsibilities
Cloud Platforms & Architecture
AWS (Primary): EC2, S3, VPC, IAM, Lambda, API Gateway, CloudTrail, CloudWatch
Azure (Nice to Have): Azure AD, Defender for Cloud, Key Vault
Cloud-native architecture, multi-cloud/hybrid cloud environments
Infrastructure as Code (IaC): Terraform, AWS CloudFormation
Security Frameworks & Compliance
Texas Cybersecurity Framework (TCF)
NIST 800-53, NIST CSF
FedRAMP, HIPAA, IRS Publication 1075
Risk Management Framework (RMF)
Identity & Access Management (IAM)
AWS IAM, Azure AD, RBAC, ABAC
Zero Trust Architecture (ZTA)
Multi-Factor Authentication (MFA), SSO (SAML, OAuth2, OIDC)
Privileged Access Management (PAM)
Threat Modeling & Security Design
STRIDE, DREAD methodologies
Secure SDLC (SSDLC)
Architecture Risk Analysis
Security Design Reviews & Secure-by-Design principles
DevSecOps & Automation
CI/CD Tools: Jenkins, GitHub Actions, Azure DevOps
Security Integration: SAST, DAST, SCA tools (SonarQube, Checkmarx, Veracode, Snyk)
Container Security: Docker, Kubernetes (EKS/AKS), OpenShift
Secrets Management: HashiCorp Vault, AWS Secrets Manager
Application & API Security
API Gateway Security, OAuth2, JWT
Web Application Firewall (WAF), API Security Testing
Microservices Security Architecture
OWASP Top 10 Mitigation
Cloud Security Posture & Monitoring
CSPM Tools: Prisma Cloud, Wiz, AWS Security Hub
SIEM Tools: Splunk, ELK Stack, IBM QRadar
Logging & Monitoring: CloudWatch, Azure Monitor
Incident Response & Threat Detection
Data Security & Privacy
Encryption: AES-256, TLS 1.2+
Data Classification & Governance
PII / PHI Data Protection
Data Loss Prevention (DLP)
AI / ML Security (Preferred)
Securing LLM-based systems
AI data pipelines & model security
Prompt injection & model risk mitigation
Minimum Qualifications
Years
Requirement
Details
8+
Required
Information Security Architecture & Cloud Security (AWS preferred)
8+
Required
Cloud-native architecture & distributed systems security
8+
Required
TCF, NIST 800-53 compliance implementation
8+
Required
IAM, Zero Trust Architecture
8+
Required
Threat Modeling & Risk Assessment
8+
Required
Microservices, API, and Container Security
8+
Required
CSPM tools & Cloud Security Monitoring
8+
Required
DevSecOps integration & secure CI/CD pipelines
4+
Preferred
AI/ML & LLM Security
4+
Preferred
Data Protection (PII/PHI)
4+
Preferred
Executive-level Risk Presentation
4+
Preferred
Security Policies & Architecture Standards
2+
Preferred
Certifications: CISSP, CISM, AWS Security Specialty
Key Skills (ATS Keywords)
Cloud Security, AWS Security, Zero Trust, IAM, DevSecOps, Kubernetes Security, API Security, NIST 800-53, TCF, Terraform, SIEM, CSPM, Threat Modeling, Data Protection, AI Security, Microservices Security
Never miss an opportunity! Create an alert based on the job you applied for.
