As Cloud Security Architect, you will work side by side with our Development, Operations, Business units, and Enterprise Architecture teams to ensure our environments are secured and monitored. The right person for this role will have a broad technical cloud security background with a focus on security design, detection, prevention and response to security threats.
- Collaborate with a team of Security Engineers in solution architecture reviews and guidance for Technology projects through being tightly integrated with our internal SDLC process.
- Serve as a subject matter expert for cloud security, providing guidance on industry best practices.
- Create best-of-class cloud security architecture designs and patterns using defensible industry reference architectures and standards.
- Document, socialize, maintain and train key stakeholders on security requirements that enables secure design and build of solutions.
- Conduct project security reviews to identify cloud security risk and oversee the implementation of approved recommendations on cloud security designs.
- Analyze potential impact of new threats and exploits, develop and implement solutions to mitigate those threats, and communicate risks to relevant business units.
- Identify, design and build secure solutions that can be adopted and deployed into a highly available production environment.
- Participate in the evaluation, selection and implementation of technology solutions including providing detailed analysis of pros and cons.
- Stay up to date on the latest cloud security trends, technologies, and best practices, and share knowledge with the team to continuously improve corporate cloud security posture.
- Attend and provide feedback in meetings to capture key action items, discussion points, and deliver executive level status updates to all stakeholders as required.
- Develop, track and report relevant metrics (KPIs, KRIs, OKRs), scheduled activities, and milestones to executives monthly that reflect execution statuses, risks and opportunities.
- Evaluate and assess security threats across a variety of environments.
- 6+ years of experience in cloud security
- 6+ years’ experience securing and architecting cloud-based infrastructures, preferably AWS.
- 6+ years of experience working knowledge of information security controls, guidelines and standards (e.g., ISO27000 series, OWASP, CSA CCM, CIS 20 Critical Security Controls, SOX, and NIST).
- CCSP/Other Cloud Specific Certification, CISSP and/or GIAC
- 6+ years of experience with technical knowledge/coding skills in any of the following: Java, C# .NET, Ruby and/or Python
Preferences: (very helpful)
- In-depth knowledge of AWS and its core services, including EC2, S3, IAM, VPC, and security-related services like security groups, ACLs AWS Security Hub, AWS WAF, and Amazon GuardDuty.
- Significant experience in security automation and orchestration in cloud implementations
- Working knowledge of Terraform, Cloud Formation, Pulumi, and/or Ansible.
- Solid experience securing scalable web architectures and distributed systems.
- Solid understanding of malware, emerging threats, attacks, and vulnerability management