Overview:
We are seeking an External Perimeter Security Architect for our client on a contract basis. You will lead a security architecture engagement focused on redesigning the external perimeter for both cloud and on-premises environments with the goal of reducing real risk exposure and deliver structured, milestone-based remediation plans that drive informed decisions.
Responsibilities:
Perimeter & Network Security Architecture
Assess, redesign, and reengineer the existing external perimeter. Deliver a feasibility assessment with a phased remediation roadmap, documented in Confluence.
Conduct a connection-by-connection assessment of high-risk network paths, document replacement options, and break findings into milestone-based remediation phases.
Extend architecture controls across on-premise and hybrid cloud environments, ensuring operationally effective security controls that minimize friction for the business.
AWS Security Hardening
Design and implement SCPs, Resource Policies, and VPC Endpoints to enforce isolation
Harden IAM controls and access patterns through guardrails
Configure data flow controls and encryption in transit/at rest
Work across multiple AWS accounts with an ability to prioritize and scale remediation
Embed AI-augmented tooling into architecture review workflows
CI/CD & Infrastructure-as-Code Security
Evaluate and harden CI/CD pipeline architecture and IaC configurations
Ongoing Architecture Review
Maintain correctness throughout the change lifecycle
Establish segmentation and zero-trust enclaves to contain blast radius
Map findings to TTPs to support early detection before remediation is complete
Identify and prioritize key operational risks surfaced during the engagement
Qualifications:
Required Qualifications:
Deep knowledge of traditional network security and SD-WAN
Zero trust architecture
AWS security configuration and best practices across cloud-native services (Control Tower, Security Hub, Config, Guardduty)
Cloud networking, integration patterns, and cross-account security management
Data encryption — at rest and in flight
Preferred Qualifications:
Privileged Access Management fundamentals
CI/CD pipeline security using third-party tools (Ansible, Jenkins, or similar)
Hands-on experience with AI coding agents (e.g., Claude Code, OpenAI Codex, Gemini CLI) — professional or personal