Role: Cloud Security Architect (AWS)

Location: Irvine, CA (Onsite)

Experience: 10+ Years

Job Summary

We are seeking a highly experienced Cloud Security Architect to lead security architecture for a large-scale Data Center Exit to AWS initiative. This role focuses on designing and implementing enterprise-grade security controls across AWS environments, ensuring secure migration, compliance, and operational resilience.

The ideal candidate will have deep expertise in AWS security services, multi-account architecture, vulnerability management, and secure-by-design principles, with experience supporting mission-critical enterprise workloads.

Key Responsibilities

Cloud Security Architecture

• Lead the design and implementation of secure AWS architectures for Data Center Exit programs
• Define and implement AWS Landing Zone security, including:
  • IAM guardrails
  • Service Control Policies (SCPs)
  • Centralized logging and monitoring
• Establish security baselines aligned with CIS, NIST, and ISO frameworks

Identity, Access & Encryption

• Design and enforce IAM strategies, including least privilege and role-based access
• Implement encryption standards using AWS KMS for data at rest and in transit
• Validate authentication and authorization models across all workloads
• Support identity federation and secure access controls

Threat Detection & Monitoring

• Implement and manage AWS security services such as:
  • AWS WAF
  • GuardDuty
  • CloudTrail
  • Security Hub
• Integrate AWS security telemetry with SIEM platforms for continuous monitoring
• Define and implement detective and preventive controls

Application & Infrastructure Security

• Conduct vulnerability assessments (VAPT) and define remediation strategies
• Implement:
  • Web Application Firewall (WAF) rules
  • Network segmentation and firewall policies
  • Endpoint protection controls
• Support secure development practices including code reviews and DevSecOps alignment

Migration Security & Governance

• Secure workloads during migration from on-premise to AWS EC2
• Ensure data consistency, integrity, and compliance during migration phases
• Design security for hybrid architectures and integration-heavy systems
• Support migration tools and enforce governance policies

Container & Platform Security

• Design security for EKS/Kubernetes environments, including:
  • Pod and network policies
  • Image scanning and runtime protection
• Secure cloud-native and distributed workloads

Risk Management & Compliance

• Lead penetration testing cycles and coordinate remediation efforts
• Produce:
  • Security architecture documents (HLD/LLD)
  • Risk assessments
  • Operational security runbooks
• Ensure adherence to enterprise and regulatory compliance standards

Required Skills

• Strong expertise in AWS security services:
  • IAM, KMS, CloudTrail, GuardDuty, WAF
• Experience designing AWS multi-account Landing Zones and governance models
• Deep understanding of:
  • Identity and access management
  • Encryption and key management
  • Zero Trust architecture and least privilege principles
• Hands-on experience with vulnerability assessment tools:
  • Nessus, Qualys, Burp Suite, Fortify, Checkmarx
• Strong knowledge of:
  • Network security (firewalls, IDS/IPS, segmentation)
  • OS-level security (Windows Server, RHEL)
• Experience securing databases (Oracle, SQL Server, Exadata on AWS)
• Strong collaboration and stakeholder management skills

Preferred Skills

• Experience with AWS Shield and advanced threat protection tools
• Knowledge of integration security for Java, .NET, and TIBCO ESB workloads
• Experience with DevSecOps and CI/CD security integration
• Certifications such as:
  • AWS Certified Security Specialty
  • CISSP / CISM / CCSP