Cloud Security Architect

One of our clients in the government domain is seeking a Cloud Security Architect. The CloudSecurity Architect is responsible for the establishment of the Cloud Security Architecture program within ODJFS.

Cloud Security Architect

Remote

In-Person Interview

Columbus, Ohio

Long Term Contract

Responsibilities:

• Leading the evaluation, selection, and implementation of Cloud Security detection and monitoring tools (i.e. Microsoft Defender for Cloud, Defender for Identity)
• These tools will monitor and scan Cloud workloads and servers to ensure they are securely configured (configuration management) and not vulnerable.
• Work with DAS teams for implementation
• Workloads, containers, and orchestration (i.e.Docker /Kubernetes) security
• Leading and Incorporating Cloud Security Architecture into the DevSecOps /DevOps program
• Update any related Policy documents
• Established Standard Operating Procedures around and for Cloud Security Architecture
• Reviewing solutions for compliance to CloudSecurity
• Participating on Project Teams to advise on CloudSecurity
• Training Security Team members in related tools and processes (DAS and JFS)
• Knowledge transfer

Required Skills:

• Cloud Platforms (IaaS, PaaS, SaaS), (3 Years Experience required)

1. Deep understanding of AWS,Azure, and/or Google Cloud Platform (Google Cloud Platform)
2. Familiarity with cloud-native services (e.g., IAM, VPC, KMS, Security Groups)

• Security Architecture & Design

1. Designing secure cloud architectures
2. Applying Zero Trust principles
3. Understanding of shared responsibility models

• Identity and Access Management (IAM)

1. Role-based access control (RBAC)
2. Single Sign-On (SSO), MFA, and federated identity
3. Privileged access management

• Network Security

1. Firewalls, VPNs, segmentation, and secure connectivity
2. Cloud-native network security tools (e.g., AWS Security Groups, Azure NSGs)

• Data Protection

1. Encryption at rest and in transit
2. Key management systems (KMS, HSM)
3. Data classification and loss prevention (DLP)

• Compliance & Governance

1. Familiarity with standards like NIST,CIS, ISO 27001, SOC 2,HIPAA, GDPR
2. Policy-as-code (e.g., using tools like OPA, Sentinel)

• DevSecOps & Automation

1. Integrating security into CI/CD pipelines
2. Infrastructure as Code (IaC) security (e.g., Terraform, CloudFormation)
3. Security scanning tools (e.g., Snyk, Checkov)

Threat Modeling & Risk Assessment

1. Identifying and mitigating cloud-specific threats
2. Using frameworks like STRIDE or MITRE ATT&CK for Cloud

Desired Certifications/Skills:

• Certified Cloud Security Professional (CCSP)
• AWS Certified Security – Specialty
• Microsoft Certified: Azure Security Engineer Associate
• Google Professional Cloud Security Engineer
• CISSP (for broader security architecture knowledge)