Senior Security Architect | Cloud (Remote)

Who is Trace3

Trace3 is a leading Transformative IT Authority providing unique technology solutions and consulting services to our clients. Equipped with elite engineering and dynamic innovation we empower IT executives and their organizations to achieve competitive advantage through a process of Integrate Automate Innovate.

Our culture at Trace3 embodies the spirit of a startup with the advantage of a scalable business. Employees can grow their career and have fun while doing it!

Trace3 is headquartered in Irvine California. We employ more than 1200 people all over the United States. Our major field office locations include Denver Indianapolis Grand Rapids Lexington Los Angeles Louisville Texas San Francisco.

Ready to discover the possibilities that live in technology

Come Join Us!

Street-Smart-Thriving in Dynamic Times

We are flexible and resilient in a fast-changing environment. We continuously innovate and drive constructive change while keeping a focus on the big picture. We exercise sound business judgment in making high-quality decisions in a timely and cost-effective manner. We are highly creative and can dig deep within ourselves to find positive solutions to different problems.

Juice -The Stuff it takes to be a Needle Mover

We get things done and drive results. We lead without a title empowering others through a can-do attitude. We look forward to the goal mentallymapping outevery checkpoint on the pathway to success and visualizing what the final destination looks and feels like.

Teamwork -Humble Hungry and Smart

We are humble individuals who understand how our job impacts the companys mission. We treat others with respect admit mistakes give credit where its due and demonstrate transparency. We bring the weather by exhibiting positive leadership and solution-focused thinking. We hug people in their trials struggles and failures not just their success. We appreciate the individuality of the people around us.

Job Summary:

The Sr. Cloud Security Architect is a Subject Matter Expert (SME) responsible for supporting account management teams throughout the pre and post sales lifecycle to drive cloud security solution adoption and customer success. This role partners with sales customer success and delivery teams to shape secure scalable architectures across AWS Azure GCP and private cloud stacks aligning cloud security capabilities with client needs and business outcomes.

As a cloud security SME this individual leads technical discovery sessions client workshops and executive briefings offering deep expertise in Cloud Security Posture Management (CSPM) Cloud Workload Protection Platforms (CWPP) and Cloud Infrastructure Entitlement Management (CIEM). They play a key role in articulating risk designing security architectures performing technical assessments and positioning solutions in competitive pre-sales environments.

This role is focused on technical leadershipwith an emphasis on cloud architecture design automation threat modeling and remediation guidance. The SME also supports proposal development RFP responses and both account team and delivery partner enablement to improve win rates and strengthen client confidence in cloud security solutions.

Key Responsibilities

Cloud Security Architecture & Hardening

• Serve as the pre-sales Subject Matter Expert (SME) for cloud security providing architectural leadership across AWS Azure and GCP. Public cloud knowledge beyond the big three (OCP IBM etc.) and private cloud knowledge of solutions such as VMWare OpenShift & OpenStack are all a plus.
• Design and articulate secure multi-cloud architectures aligned with customer goals risk posture and compliance requirements.
• Lead security posture assessments using established frameworks (CIS Benchmarks NIST 800-190 CSA CCM OWASP SAMM) to uncover strategic remediation and customer program development opportunities.
• Guide the secure configuration and hardening of IaaS PaaS and SaaS environments with emphasis on least privilege secure networking and workload protection.
• Collaborate with DevOps and platform engineering teams to embed security into CI/CD pipelines and infrastructure as code.

Security Assessments & Threat Modeling

• Lead technical discovery efforts and workshops to evaluate IAM data protection (DSPM DLP) encryption and cloud-native compute and network controls.
• Conduct cloud attack surface assessments across containerized apps serverless functions and managed services to identify and communicate risk.
• Support pre-sales threat modeling efforts helping clients visualize and mitigate risks in proposed or existing cloud architectures.
• Evaluate and position CSPM CWPP and CIEM solutions (e.g. Wiz Prisma Cloud Orca Microsoft Defender for Cloud) in alignment with client needs.

Cloud Security Operations & Automation

• Advise on real-time cloud detection and response strategies using SIEMs XDR/XSIAM and native CSP tools (e.g. GuardDuty Azure Sentinel).
• Architect automated security workflows using IaC (Terraform Pulumi CloudFormation) and policy-as-code (OPA/Rego) to enforce guardrails and accelerate remediation.
• Integrate cloud security telemetry with existing SOC pipelines enhancing detection coverage and threat correlation.
• Develop and support cloud-specific incident response strategies covering threats like identity compromise container breakout and API abuse.

Cross-Team Collaboration & Pre-Sales Leadership

• Act as the technical lead and SME during pre-sales engagements supporting solution scoping client presentations and proposal development.
• Partner with account teams to align cloud security strategies with business priorities and regulatory requirements (PCI HIPAA FedRAMP etc.).
• Deliver internal enablement sessions and develop reusable assets (e.g. reference architectures RFP content service briefs) to support scalable pre-sales execution.
• Engage directly with client executives architects and engineers to instill confidence in proposed cloud security solutions and services.
• Partner with external delivery teams to align proposal objectives with delivery capabilities focusing on success criteria for all three involved parties End Customer Trace3 & Partner delivery organization.

Qualifications

• Bachelors degree in Cybersecurity Computer Science Information Technology or a related field or equivalent professional experience.

Certifications (Preferred):

• AWS Certified Solutions Architect Professional DevOps Engineer Professional Security Specialty
• Microsoft Azure Security Engineer Administrator Associate; Solutions Architect and DevOps Engineer Expert
• GCP Cloud Architect Security Engineer DevOps Engineer Network Engineer
• CISSP

Experience

• 7 years of hands-on experience in cloud security cloud architecture or security engineering roles.
• Deep expertise in AWS Azure and/or GCP security models native controls identity frameworks and architectural best practices.
• Proven track record conducting cloud security risk assessments architecture reviews and technical remediation planning.
• Experience implementing or evaluating cloud security platforms such as Wiz Orca Sysdig Prisma Cloud Lacework AWS Security Hub Azure Security Center or GCP Security Command Center.
• Working knowledge of cloud security compliance standards and frameworks (e.g. CIS Benchmarks NIST 800-53 NIST 800-190 SOC 2 ISO 27001 PCI-DSS)
• Proven success collaborating within cross-functional teams including sales engineering DevOps compliance customer success professional service delivery and operations.
• Adaptability in fast-paced dynamic environments with shifting priorities and the demands of multiple stakeholders.
• Experience mentoring peers or leading internal knowledge-sharing initiatives to raise overall cloud security maturity across teams.

Skills

• Proficiency in CNAPP platforms (e.g. Wiz Sysdig Orca) and their application in pre-sales solutioning and client demonstrations.
• Strong skills in cloud IAM hardening secure network design encryption strategies and centralized logging and monitoring architectures.
• Hands-on experience building and securing infrastructure using IaC tools (Terraform CloudFormation Pulumi) and enforcing policy-as-code (OPA/Rego).
• Ability to assess and communicate risks related to misconfigurations over-permissioned roles and exposed services across multi-cloud environments.
• Experience with container and Kubernetes security including workload protection RBAC image scanning and runtime controls.
• Excellent communication and presentation skills with the ability to translate technical findings into strategic business-aligned recommendations for both technical and executive stakeholders

The Perks

• Comprehensive medical dental and vision plans for you and your dependents
• 401(k) Retirement Plan with Employer Match 529 College Savings Plan Health Savings Account Life Insurance and Long-Term Disability
• Competitive Compensation
• Training and development programs
• Stocked kitchen with snacks and beverages
• Collaborative and cool culture
• Work-life balance and generous paid time off

Our Commitment

At the core of Trace3s DNA is our people. We are a diverse group of talented individuals who understand the importance of teamwork and demonstrating leadership character and passion in all that we do.

Were committed to fostering an inclusive workplace where everyone feels respected valued and empowered to grow. We recognize that embracing diversity drives innovation improves outcomes fosters collaboration boosts teammate satisfaction and builds a more inclusive culture.

As an equal opportunity employer Trace3 bases all employment decisions based on individual qualifications merit and business requirements. We do not engage in discrimination on the basis of race color religion sex (including gender identity sexual orientation and pregnancy) national origin age (40 or older) disability genetic information or any other characteristic protected by federal state or local law.

Any demographic information provided is strictly voluntary kept confidential in accordance with Equal Employment Opportunity (EEO) regulations and will not be used in employment decisions including hiring promotions or mentorship programs. We are committed to providing equal employment opportunities for all.

If you require a reasonable accommodation to complete the application process or participate in an interview please email.

***To all recruitment agencies:Trace3 does not accept unsolicited agency resumes/CVs. Please do not forward resumes/CVs to our careers email addresses Trace3 employees or any other company location. Trace3 is not responsible for any fees related to unsolicited resumes/CVs.