Cloud Security Architect

We are looking for a Cloud Security Architect to design and secure scalable cloud infrastructures, leading the implementation of security controls and compliance across enterprise environments.

Responsibilities:

• Design and implement secure AWS cloud architectures across internal environments and customer-facing platforms.
• Lead the development and execution of cloud security strategies, aligning with industry best practices and compliance requirements.
• Evaluate and deploy cloud-native and third-party security tools (e.g., vulnerability scanners, WAFs, IDS/IPS, endpoint protection).
• Conduct risk assessments, identify security gaps, and provide remediation strategies for cloud infrastructure.
• Develop and enforce secure access management processes, ensuring least-privilege and proper segmentation.
• Collaborate with DevOps, Engineering, and Network teams to integrate security into CI/CD pipelines and infrastructure as code.
• Monitor and improve cloud security posture using native AWS services or equivalent tools.
• Support incident response efforts and provide forensic analysis in cloud environments.
• Maintain detailed documentation including architecture diagrams, security policies, and technical standards.

Required Skills and Qualifications:

• 10+ years in Information Security with 3+ years in a Cloud Security Architect role.
• Minimum 3+ years of hands-on experience designing and securing AWS cloud infrastructure.
• Experience with AWS security services (IAM, KMS, CloudTrail, GuardDuty, Security Hub, etc.).
• Implement threat detection, logging, and monitoring strategies using AWS native tools (e.g., CloudWatch, CloudTrail, GuardDuty) and SIEM integration.
• Proficiency in cloud deployment models (IaaS, PaaS, SaaS), and experience with containers, serverless, and infrastructure as code (e.g., CloudFormation, Terraform).
• Familiarity with GRC processes and tools to support audit, evidence collection, and policy enforcement.
• Familiarity with security standards and frameworks such as CIS Benchmarks, NIST, and Zero Trust.
• Knowledge of compliance frameworks ( NERC CIP, NIST CSF, ISO 27001).
• Scripting or automation experience (Python, Ansible).
• Experience with network security controls including firewalls, VPN, routing, segmentation, and secure protocols.
• Experience with hybrid cloud environments and exposure to other cloud platforms (e.g., Azure or Google Cloud Platform) is a plus.
• Strong communication skills with the ability to present security concepts to technical and non-technical stakeholders.
• Good to have: CISSP or CCSP or CISM or AWS Security certifications.