Cloud Security Architect

POSITION SUMMARY:

As the Cloud Security Architect, you will have the opportunity to shape the vision and strategy for public and provide cloud security at Bass Pro Shops. The successful candidate should have expertise in building enterprise cloud security solutions, extensive experience in using services provided by Azure, Google Cloud Platform, AWS, and other private & public cloud services. The candidate should have deep expertise information security solutions across cloud services. The ideal candidate will provide technical leadership to drive and shape the cloud security architecture. The Cloud Security Architect will also develop strategic roadmaps, technical blueprints & design patterns, standards, and reference architectures in support of the cloud services program. This role will collaborate with cross-functional teams at Bass Pro Shops including security, infrastructure, engineering and business application teams to define and implement future state architecture such as: perimeter/edge security, account and VPC structure, SDN, IAM roles and policies required to build, support, and consume cloud services. Define and develop preventive guardrails, detective controls, and automated alerts and remediation to ensure implementation in all cloud environments are compliant with Bass Pro Shops' cloud security standards and policies. Possess a DevOps focus across technology and security architecture, automation, integration, and distribution. CISSP certification is preferred and accredited certifications a plus, such as: CRTSA, CNDA, GDSA, CSSA, ISSAP, CSSP.

ESSENTIAL FUNCTIONS:

• DevSecOps & Cloud Security Automation:
• Integrate security testing and compliance validation (SAST, DAST, SCA) into CI/CD workflows using tools such as Git, Jenkins, Ansible, Terraform, and container registries.
• Develop and maintain security-as-code and policy-as-code models to enforce preventive and detective controls at scale.
• Champion "shift-left" principles by embedding security tooling and practices early in the development lifecycle.
• Drive the adoption of automated incident response, vulnerability management, and threat detection workflows across cloud environments.
  
  Cloud Security Architecture & Governance:
• Architect secure cloud-native solutions in Azure, Google Cloud Platform, and private cloud platforms with an emphasis on zero-trust principles, SDN, and identity management (IAM, RBAC, ABAC).
• Define and implement security controls for virtual networks, perimeter defenses, workload isolation, data protection, and encryption.
• Design and operationalize controls leveraging CSPM, CWPP, and CASB technologies.
• Build and maintain secure landing zones, reference architectures, and reusable blueprints aligned with cloud governance models.
  
  Standards, Strategy & Innovation:
• Establish and continuously improve enterprise cloud security policies, technical standards, and reusable guardrails.
• Conduct threat modeling and risk assessments for cloud-based applications and infrastructure.
• Evaluate and prototype emerging DevSecOps and cloud security technologies.
• Lead the architecture review board processes to ensure alignment with enterprise risk tolerance and regulatory standards.
  
  Leadership & Collaboration:
• Serve as the key security architecture advisor to cloud engineering and platform teams.
• Provide strategic direction for securing containerized and serverless applications, identity and access policies, and cloud-native DevOps toolchains.
• Collaborate with audit, risk, and compliance teams to ensure that cloud environments meet regulatory requirements.
• Mentor engineers and architects on secure cloud patterns, platform-native controls, and DevSecOps adoption.
• ALL OTHER DUTIES AS ASSIGNED

EXPERIENCE/QUALIFICATIONS:

• Bachelor's degree in Computer Science, Engineering, or a related discipline, or equivalent work experience
• 10+ years of experience in IT architecture or cloud security engineering
• 5+ years of hands-on experience building and securing cloud environments in Azure, Google Cloud Platform, or private cloud infrastructure
• 5+ years working with DevSecOps practices, including CI/CD pipelines, IaC, and automated security testing
• Proven experience with container security, cloud identity, and DevOps security tools (e.g., Terraform, GitHub Actions, Jenkins, SonarQube, HashiCorp Vault)
• Deep knowledge of cloud-native security services within Azure (e.g., Defender for Cloud, Azure Policy, Key Vault) and Google Cloud Platform (e.g., Security Command Center, Identity-Aware Proxy)
• Exercises strategic influence over cloud security direction and decision-making
• Drives independent initiatives with high levels of autonomy and impact
• Professional certifications in cloud or security domains (e.g., Microsoft Certified: Azure Security Engineer Associate, Google Cloud Platform Professional Cloud Security Engineer, CISSP, GCSA, CCSP) preferred.
• Understanding of compliance standards such as NIST 800-53, ISO 27001, SOC 2, and PCI DSS preferred.
• Experience with zero-trust networking, SDN, and cloud-native application security preferred.

TRAVEL REQUIREMENTS:

• Occasional travel to visit key facilities or in support of team meetings (less than 15%)

PHYSICAL REQUIREMENTS:

• Regularly performs computer work and sits.
• Occasionally walks and stands.
• Seldom/never lifts up to 50lbs.

INDEPENDENT JUDGEMENT:

• Develops strategic direction, goals, plans and policies for an area of responsibility. Sets broad objectives and is accountable for overall results in respective area of responsibility. Authority to make independent decisions on matters of significance. Requires high degree of independent judgment and problem solving of complex problems.

Full Time Benefits Summary:
Enjoy discounts on retail merchandise, our restaurants, world-class resorts and conservation attractions!

• Medical
• Dental
• Vision
• Health Savings Account
• Flexible Spending Account
• Voluntary benefits
• 401k Retirement Savings
• Paid holidays
• Paid vacation
• Paid sick time
• Bass Pro Cares Fund
• And more!

Bass Pro Shops is an equal opportunity employer. Hiring decisions are administered without regard to race, color, creed, religion, sex, pregnancy, sexual orientation, gender identity, age, national origin, ancestry, citizenship status, disability, veteran status, genetic information, or any other basis protected by applicable federal, state or local law.

Reasonable Accommodations

Qualified individuals with known disabilities may be entitled to reasonable accommodation under the Americans with Disabilities Act and certain state or local laws.
If you need a reasonable accommodation for any part of the application process, please visit your nearest location or contact us at
Bass Pro Shops