Cloud Security Architect (AWS)
Irvine, CA - USA
Job Summary
Role: Cloud Security Architect (AWS)
Location: Irvine, CA (Onsite)
Experience: 10 Years
We are seeking a highly experienced Cloud Security Architect to lead security architecture for a large-scale Data Center Exit to AWS initiative. This role focuses on designing and implementing enterprise-grade security controls across AWS environments, ensuring secure migration, compliance, and operational resilience.
The ideal candidate will have deep expertise in AWS security services, multi-account architecture, vulnerability management, and secure-by-design principles, with experience supporting mission-critical enterprise workloads.
Key Responsibilities
Cloud Security Architecture
- Lead the design and implementation of secure AWS architectures for Data Center Exit programs
- Define and implement AWS Landing Zone security including:
  - IAM guardrails
  - Service Control Policies (SCPs)
  - Centralized logging and monitoring
- Establish security baselines aligned with CIS, NIST, and ISO frameworks
Identity, Access & Encryption
- Design and enforce IAM strategies including least privilege and role-based access
- Implement encryption standards using AWS KMS for data at rest and in transit
- Validate authentication and authorization models across all workloads
- Support identity federation and secure access controls
Threat Detection & Monitoring
- Implement and manage AWS security services such as:
  - AWS WAF
  - GuardDuty
  - CloudTrail
  - Security Hub
- Integrate AWS security telemetry with SIEM platforms for continuous monitoring
- Define and implement detective and preventive controls
Application & Infrastructure Security
- Conduct vulnerability assessments (VAPT) and define remediation strategies
- Implement:
  - Web Application Firewall (WAF) rules
  - Network segmentation and firewall policies
  - Endpoint protection controls
- Support secure development practices including code reviews and DevSecOps alignment
Migration Security & Governance
- Secure workloads during migration from on-premises to AWS EC2
- Ensure data consistency, integrity, and compliance during migration phases
- Design security for hybrid architectures and integration-heavy systems
- Support migration tools and enforce governance policies
Container & Platform Security
- Design security for EKS/Kubernetes environments including:
  - Pod and network policies
  - Image scanning and runtime protection
- Secure cloud-native and distributed workloads
Risk Management & Compliance
- Lead penetration testing cycles and coordinate remediation efforts
- Produce:
  - Security architecture documents (HLD/LLD)
  - Risk assessments
  - Operational security runbooks
- Ensure adherence to enterprise and regulatory compliance standards
Required Skills
- Strong expertise in AWS security services:
  - IAM, KMS, CloudTrail, GuardDuty, WAF
- Experience designing AWS multi-account Landing Zones and governance models
- Deep understanding of:
  - Identity and access management
  - Encryption and key management
  - Zero Trust architecture and least privilege principles
- Hands-on experience with vulnerability assessment tools:
  - Nessus, Qualys, Burp Suite, Fortify, Checkmarx
- Strong knowledge of:
  - Network security (firewalls, IDS/IPS, segmentation)
  - OS-level security (Windows Server, RHEL)
- Experience securing databases (Oracle, SQL Server, Exadata on AWS)
- Strong collaboration and stakeholder management skills
Preferred Skills
- Experience with AWS Shield and advanced threat protection tools
- Knowledge of integration security for and TIBCO ESB workloads
- Experience with DevSecOps and CI/CD security integration
- Certifications such as:
  - AWS Certified Security Specialty
  - CISSP / CISM / CCSP