Cloud Security Architect

Markham - Canada

Monthly Salary: $ 90 - 95

Posted on: 24-10-2025

Vacancies: 1 Vacancy

Job Summary

# AVICJP

Profil

Cloud Security Architect

Drive AWS cloud security strategy in the insurance industry with a senior-level role focused on secure architecture compliance and automation. Leverage your expertise in AWS services threat detection and identity management in a hybrid multi-account environment. Opportunity to lead security-by-design in a regulated sector.

What is in it for you:

Salaried: $90-95 per hour.

Incorporated Business Rate: $104-109 per hour.

12-month contract with the potential for permanent employment.

Full-time position: 37.50 hours per week.

Hybrid model 3 days per week on-site.

Attendance on Tuesday and Wednesday is mandatory.

Responsibilities:

Design and implement secure landing zones using AWS Control Tower AWS Organizations and Service Control Policies (SCPs).

Define multi-account security guardrails for shared services workloads and sandbox environments.

Create reference architectures covering security zones network segmentation and cross-account communication (PrivateLink AWS WAN).

Lead threat modelling and risk assessments for new workloads and services including Lambda ECS EC2 S3 RDS and DynamoDB.

Develop security-by-design templates integrated into Infrastructure as Code (IaC) pipelines.

Partner with compliance teams to maintain continuous alignment with CIS Benchmarks and organizational risk frameworks.

Implement federated access and single sign-on with AWS IAM Identity Center (AWS SSO) Okta and Azure AD.

Manage cross-account roles STS trust policies and temporary credentials for developers and third parties.

Automate secret and credential rotation with AWS Secrets Manager and AWS Systems Manager Parameter Store.

Enforce encryption at rest using AWS KMS CloudHSM and envelope encryption patterns.

Ensure encryption in transit (TLS 1.2/1.3) across internal and public endpoints.

Manage key rotation cross-region replication and HSM-based root of trust.

Implement S3 Object Lock Macie for data discovery and classification and Access Points for fine-grained data access.

Implement PrivateLink AWS WAN and Route 53 Resolver endpoints for service-to-service isolation.

Configure Web Application Firewall (WAF) and AWS Shield Advanced for DDoS mitigation.

Enforce egress control through Cloud NAT AWS Gateway Load Balancer (GWLB) or custom proxies.

Deploy and integrate AWS Security Hub GuardDuty Macie and Inspector for proactive threat detection.

Configure Amazon Detective for forensic investigation and anomaly correlation.

Integrate findings into SIEM/SOAR platforms such as FortiSOAR or Azure Sentinel.

Automate response playbooks with AWS Step Functions Lambda and SNS alerts.

Implement AWS Config rules and Conformance Packs to enforce compliance with benchmarks like CIS AWS Foundations.

Use AWS Artifact for vendor assurance and control documentation.

Manage compliance dashboards via Security Hub Trusted Advisor and Control Tower drift detection.

What you will need to succeed:

Bachelors degree in Computer Science Information Security or related field.

AWS Certified Security Specialty.

AWS Certified Solutions Architect Professional.

CISSP CISM CCSP GCSA or GIAC Cloud Security Automation certification.

8 years of experience in cybersecurity.

4 years of experience in AWS cloud security architecture.

Deep understanding of the AWS Well-Architected Framework (Security Pillar).

Strong hands-on expertise in AWS identity and access management encryption network segmentation and compliance.

Familiarity with AWS security services including GuardDuty Inspector Security Hub and Macie.

Experience automating security controls using AWS native tools and IaC pipelines.

Proficiency in incident response using Step Functions Lambda and Systems Manager.

Experience integrating with SIEM/SOAR platforms such as FortiSOAR or Azure Sentinel.

Why Recruit Action

Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach to job seekers and businesses. Only candidates who match hiring criteria will be contacted.

# AVICJP

Required Skills:

Cloud Security Architect Drive AWS cloud security strategy in the insurance industry with a senior-level role focused on secure architecture compliance and automation. Leverage your expertise in AWS services threat detection and identity management in a hybrid multi-account environment. Opportunity to lead security-by-design in a regulated sector. What is in it for you: Salaried: $90-95 per hour. Incorporated Business Rate: $104-109 per hour. 12-month contract with the potential for permanent employment. Full-time position: 37.50 hours per week. Hybrid model 3 days per week on-site. Attendance on Tuesday and Wednesday is mandatory. Responsibilities: Design and implement secure landing zones using AWS Control Tower AWS Organizations and Service Control Policies (SCPs). Define multi-account security guardrails for shared services workloads and sandbox environments. Create reference architectures covering security zones network segmentation and cross-account communication (PrivateLink AWS WAN). Lead threat modelling and risk assessments for new workloads and services including Lambda ECS EC2 S3 RDS and DynamoDB. Develop security-by-design templates integrated into Infrastructure as Code (IaC) pipelines. Partner with compliance teams to maintain continuous alignment with CIS Benchmarks and organizational risk frameworks. Implement federated access and single sign-on with AWS IAM Identity Center (AWS SSO) Okta and Azure AD. Manage cross-account roles STS trust policies and temporary credentials for developers and third parties. Automate secret and credential rotation with AWS Secrets Manager and AWS Systems Manager Parameter Store. Enforce encryption at rest using AWS KMS CloudHSM and envelope encryption patterns. Ensure encryption in transit (TLS 1.2/1.3) across internal and public endpoints. Manage key rotation cross-region replication and HSM-based root of trust. Implement S3 Object Lock Macie for data discovery and classification and Access Points for fine-grained data access. Implement PrivateLink AWS WAN and Route 53 Resolver endpoints for service-to-service isolation. Configure Web Application Firewall (WAF) and AWS Shield Advanced for DDoS mitigation. Enforce egress control through Cloud NAT AWS Gateway Load Balancer (GWLB) or custom proxies. Deploy and integrate AWS Security Hub GuardDuty Macie and Inspector for proactive threat detection. Configure Amazon Detective for forensic investigation and anomaly correlation. Integrate findings into SIEM/SOAR platforms such as FortiSOAR or Azure Sentinel. Automate response playbooks with AWS Step Functions Lambda and SNS alerts. Implement AWS Config rules and Conformance Packs to enforce compliance with benchmarks like CIS AWS Foundations. Use AWS Artifact for vendor assurance and control documentation. Manage compliance dashboards via Security Hub Trusted Advisor and Control Tower drift detection. What you will need to succeed: Bachelors degree in Computer Science Information Security or related field. AWS Certified Security Specialty. AWS Certified Solutions Architect Professional. CISSP CISM CCSP GCSA or GIAC Cloud Security Automation certification. 8 years of experience in cybersecurity. 4 years of experience in AWS cloud security architecture. Deep understanding of the AWS Well-Architected Framework (Security Pillar). Strong hands-on expertise in AWS identity and access management encryption network segmentation and compliance. Familiarity with AWS security services including GuardDuty Inspector Security Hub and Macie. Experience automating security controls using AWS native tools and IaC pipelines. Proficiency in incident response using Step Functions Lambda and Systems Manager. Experience integrating with SIEM/SOAR platforms such as FortiSOAR or Azure Sentinel. Why Recruit Action Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach to job seekers and businesses. Only candidates who match hiring criteria will be contacted. # AVICJP

# AVICJPProfilCloud Security ArchitectDrive AWS cloud security strategy in the insurance industry with a senior-level role focused on secure architecture compliance and automation. Leverage your expertise in AWS services threat detection and identity management in a hybrid multi-account environment....