Cloud Security Architect

Summary

The c is a technology and process focused thought-leader with an emphasis in public cloud architecture and engineering. As a lead member of the client's cloud security team, the Cloud Security Architect will help support the infosec functions of policy shaping, architectural reviews, compliance, and assessment while providing direct guidance to product and engineering teams for all public cloud related matters in AWS, GCP and Azure.

Job Responsibilities / Typical Day in the Role

• Act as a Cloud Security Subject Matter Expert (SME) for client’s Infosec department.
• Identify opportunities to reduce cloud security risk for client, solution, and lead implementations.
• Create design artifacts to enable members of the Cloud Security team to implement solutions (built in-house or purchased from vendor).
• Partner with product teams to design secure network and serverless architectures.
• Provide strong IAM Policy guidance to enable product teams to implement least privilege access.
• Review cloud architecture and advise development teams on strong security design principles and identification of issues prior to deployment of systems or features.
• Interface with Public Cloud providers to improve the security feature set of their products
• Interface with cloud security vendors to evaluate features and determine proof-of-value.
• Maintain an awareness of cloud-costs and the cost implications of the security controls implemented.
• Mentor junior members of the team.
• Create and maintain documentation as it relates to cloud security designs/configurations, processes, standards, and recommendations.
• Collaborate with senior management and department leaders to assess near- and long-term cloud security needs.
• Staying current with the latest cloud threat mitigation tools and techniques

Must Have Skills / Requirements

• 5+ years of experience Designing and Implementing systems that support multiple users.; Design, Implementation, and Maintenance of systems used by users.
• 5+ years of experience evaluating technical documentation and diagrams for cloud environments and identify security issues in those designs; Security Architectural Reviews and ability to create design artifacts – including infrastructure diagrams.
• 5+ years of experience reviewing technical configuration and identify mitigating controls for security related misconfigurations; Experience Managing Exception Requests
• Prior GCP Experience

Nice to Have Skills / Preferred Requirements

• AWS Certifications – AWS Solutions Architect, AWS Security Specialty
• GCP Certifications – Associate Cloud Engineer, Professional Security Engineer
• Security Engineer Certifications – CISSP, CompTIA Security+
• Previous Experience with Wiz, Splunk, Brinqa, integrations with Slack and Jira

Soft Skills:

• Excellent verbal and written communication skills with a strong attention to detail.
• Remains productive while rapidly switching context.
• Thirst for knowledge and constantly driven to stay current with evolving threat landscapes.

Technology Requirements:

• Strong understanding of cloud-based infrastructure components with specific understanding of the security risks presented in a decentralized and hybrid environment.
• Broad understanding of information security and compliance risk, and how those apply to Public Cloud.
• Comfortable automating processes start to finish and can work closely with cloud solutions engineering and product teams to help integrate security into their existing processes.
• Proficient in at least one scripting language (python, Nodejs, Golang).
• Core understanding of IP Networking, routing, VPNs.
• Hands-on experience with some the following:
  • Docker and Kubernetes
  • Developing & Securing Serverless applications
  • Security administration in AWS/GCP/Azure
  • GitHub Security
  • Infrastructure as code tools (Pulumi, Ansible, CloudFormation, Terraform)
  • Command Line experience (Bash, Powershell, AWS-CLI)
  • Cloud Network (VPC) engineering
  • Cloud native security related tools (AWS Guard Duty, AWS WAF, GCP Security Center)
  • Elastic Stack

Education / Certifications

• Bachelor’s degree in computer science, Information Security, or related field.

The estimated pay range for this position is USD $90.00/hr - USD $95.50/hr. Exact compensation and offers of employment are dependent on job-related knowledge, skills, experience, licenses or certifications, and location. We also offer comprehensive benefits. The Talent Acquisition Partner can share more details about compensation or benefits for the role during the interview process.