AWS Cloud Security Architect

Job Description

We are seeking a highly experienced Security Engineer – Cloud Implementation Lead to architect, deploy, and lead enterprise cloud security implementations within AWS environments. This role will be responsible for designing scalable and secure cloud infrastructure using Palo Alto Networks security platforms while driving best practices across AWS-native security services. The ideal candidate combines deep AWS architecture expertise with strong Palo Alto firewall, Prisma Cloud, and cloud network security experience.

Key Responsibilities

• Lead the architecture and implementation of secure AWS cloud environments across multi-account and hybrid deployments.
• Design and deploy Palo Alto Networks VM-Series firewalls, Panorama, and Prisma Cloud within AWS.
• Implement secure AWS network architectures including VPC design, Transit Gateway, Direct Connect, NAT Gateway, Security Groups, and NACLs.
• Develop cloud security reference architectures aligned with NIST, CIS, ISO 27001, and industry best practices.
• Lead Zero Trust network segmentation and micro-segmentation initiatives across AWS workloads.
• Integrate Palo Alto security tools with AWS-native services such as GuardDuty, Security Hub, IAM, CloudTrail, and Config.
• Automate security deployments using Infrastructure-as-Code (Terraform, CloudFormation).
• Conduct cloud security risk assessments, architecture reviews, and threat modeling exercises.
• Provide technical leadership and mentorship to engineering and DevOps teams.
• Support incident response efforts and continuous security posture improvement initiatives.
• Develop and maintain cloud security standards, runbooks, and implementation documentation.

Required Qualifications

• 7+ years of experience in network and cloud security engineering.
• 3+ years of hands-on AWS cloud security architecture and implementation experience.
• Strong expertise with Palo Alto Networks (VM-Series, Prisma Cloud, Panorama, NGFW).
• Deep understanding of AWS networking, IAM, and multi-account security models.
• Experience with Zero Trust architecture and cloud segmentation strategies.
• Proficiency in automation and scripting (Terraform, CloudFormation, Python, Bash).
• Strong knowledge of cloud compliance frameworks and regulatory requirements.

Preferred Certifications

• Palo Alto PCNSE
• AWS Certified Security – Specialty
• AWS Solutions Architect – Professional
• CISSP or equivalent security certification