Cloud Security Architect

Job Title: Cloud Security Architect

Job Summary:

The Cloud Security Architect is responsible for designing, implementing, and managing secure architectures across multi-cloud environments (AWS, GCP) and on-premises systems. This hands-on role requires extensive expertise in cloud networking, identity and access management (IAM), and privileged access management (PAM), along with a deep understanding of compliance, governance, and risk management. The ideal candidate will architect security frameworks that enable productivity while ensuring robust security controls, compliance with industry standards, and alignment with business objectives.

Key Responsibilities:

• Cloud Infrastructure Security:
  
• Design, deploy, and manage secure architectures for AWS, GCP, and hybrid environments.
• Configure Virtual Private Clouds (VPCs), secure tunneling, VPN connectivity, and network segmentation.
• Architect security for containerized environments (e.g., Kubernetes, Docker) and serverless applications.

• Identity & Access Management (IAM):
  
• Develop and implement custom IAM solutions that enforce the principle of least privilege.
• Architect and manage role-based access control (RBAC) and integrate Azure SSO for streamlined authentication.
• Design and enforce policies for secure API access and third-party integrations.

• Privileged Access Management (PAM):
  
• Configure and maintain PAM tools (e.g., CyberArk, BeyondTrust) to secure and monitor high-privilege accounts.
• Develop processes for managing, auditing, and reviewing privileged access to critical systems.

• Security Operations & Monitoring:
  
• Implement and manage SIEM solutions, specifically Prisma Cloud, to monitor security events and respond to incidents.
• Develop, test, and maintain incident response plans and security runbooks.
• Perform continuous threat and vulnerability assessments, and lead remediation efforts.

• Compliance, Governance & Risk Management:
  
• Ensure compliance with regulatory frameworks and standards (e.g., NIST, ISO 27001, PCI-DSS, GDPR).
• Lead security risk assessments, threat modeling, and penetration testing initiatives.
• Develop and enforce policies and procedures for cloud and on-premises security governance.

• DevSecOps & Automation:
  
• Integrate security controls into CI/CD pipelines and infrastructure-as-code (IaC) workflows (e.g., Terraform, CloudFormation).
• Automate security monitoring, compliance checks, and incident response processes.

• Collaboration & Stakeholder Management:
  
• Work closely with IT, DevOps, and application teams to embed security throughout the software development lifecycle.
• Provide expert guidance on security architecture during project design and cloud migration initiatives.
• Collaborate with legal, compliance, and risk management teams to align security initiatives with business needs.

• Training & Mentorship:
  
• Develop and deliver security training and awareness programs for technical teams and end-users.
• Mentor junior security engineers and architects in best practices for cloud and on-premises security.

Qualifications:

• Education:
  
• Bachelors or Master’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.

• Experience:
  
• 5+ years in IT security with a proven track record in cloud security architecture and infrastructure management.
• Extensive experience with AWS and GCP cloud platforms, as well as on-premises environments.

• Technical Skills:
  
• In-depth knowledge of cloud architectures, including VPC design, secure tunneling, VPN connectivity, and network segmentation.
• Expertise in designing and implementing custom IAM solutions, enforcing RBAC and the principle of least privilege.
• Hands-on experience with Azure SSO and configuring PAM solutions for secure access management.
• Proficiency in SIEM tools, with specific experience in Prisma Cloud for monitoring and incident response.
• Familiarity with container security (e.g., Kubernetes, Docker), serverless architectures, and related security challenges.
• Strong scripting and automation skills (e.g., Python, Bash) and experience with infrastructure-as-code tools (Terraform, CloudFormation).

• Certifications (Preferred):
  
• CISSP, CCSP, AWS Certified Security – Specialty, Azure Security Engineer Associate, or equivalent certifications.

• Soft Skills:
  
• Excellent analytical, problem-solving, and communication skills.
• Ability to manage multiple projects in a fast-paced environment and work collaboratively across diverse teams.
• Strong leadership and mentoring capabilities.

Additional Attributes:

• Proven ability to balance operational efficiency with strong security measures.
• Strategic thinker with a proactive approach to emerging threats and innovative security solutions.
• Detail-oriented with excellent documentation and reporting skills.