Cloud Security Architect

At Thorlabs we design and manufacture components instruments and systems that transform the world by identifying enabling and accelerating key photonics (i.e. light-based) technologies. Backed by a dedicated workforce of more than 3000 employees worldwide Thorlabscontributes to cutting-edge research and real-world innovation.

Whether youre early in your career or bringing years of experience youll find opportunities to grow take ownership and make meaningful contributions from day one. We know every employee brings unique talents and perspectives that fuel our success and we seek driven individuals who are excited to make an impact in a fun fast-moving culture.

Purpose of the Position

The Cloud Security Architect is responsible for designing and optimizing secure architectures for cloud

environments with a primary focus on Microsoft Azure M365 and related security technologies. This role ensures

the effective deployment of cloud infrastructure and security solutions to address evolving threats. The architect

collaborates across teams to guide security architecture and identity and access management (IAM) practices while

also overseeing the outsourced Security Operations Center (SOC) vendor. By supporting the organizations cloudfirst

strategy the Cloud Security Architect ensures the security of operations and drives the adoption of best

practices in SOC IAM and cloud security architecture.

Although the location of the position is in Newton NJ from time to time it may be required to undertake duties at

other Thorlabs locations.

Essential Job Functions include the following but are not limited to:

Cloud Security Architecture & Operations:

• Design secure cloud architectures that align with business requirements and mitigate security risks primarily within the Microsoft technology stack (Azure M365 Microsoft Sentinel Defender suite Intune and Entra).
• Review and provide guidance on the implementation of cloud security technologies to ensure alignment with security operations IT infrastructure and operations best practices enhancing the effectiveness of the security monitoring process in accordance with SOC standards.
• Ensure baseline security measures are in place including identity and access controls authentication and authorization processes.
• Collaborate with IT teams to implement automated security controls and maintain secure cloud configurations across infrastructure.

Identity and Access Management (IAM):

• Collaborate with Security Engineering and IT Infrastructure and Operations teams to optimize and enhance a comprehensive suite of IAM tools and solutions ensuring alignment with best practices.
• Lead the IAM architecture function through collaboration encompassing identity management for service accounts privileged accounts and general access management
• Establish IAM policies and procedures for Role-Based Access Control (RBAC) Privileged Access Management (PAM) certification processes and Segregation of Duties (SoD).
• Define and recommend the operating model for IAM including RACI access policies and procedures.
• Design the lifecycle of identities in alignment with Joiner-Mover-Leaver (JML) processes through collaborative effort.

SOC Management:

• Oversee the outsourced SOC vendor to ensure security operations align with organizational needs and are continually enhanced.
• Monitor vendor performance and ensure timely response to security incidents working closely with the SOC to optimize incident detection and response.
• Collaborate with the SOC to continuously improve security monitoring alerting and response protocols.

Collaboration and Leadership:

• Partner closely with Security Engineering IT Infrastructure and Operations DevOps and GRC (Governance Risk and Compliance) teams to ensure security is embedded into all aspects of infrastructure and application development.
• Serve as the subject matter expert in cloud security providing guidance and assurance to stakeholders.
• Lead the evaluation acquisition and divestiture of cloud security solutions to ensure the environment remains secure and up-to-date with emerging threats and requirements.
• Lead and nurture creativity in secure service delivery for the cloud.

Physical Activities:

This is largely a sedentary role; however some filing is required. This would require the ability to lift files open filing cabinets and bend or stand as necessary.

Qualifications

Experience:

• Minimum 7 years of experience in Enterprise IT.

• Minimum of 4 years in cloud security architecture or similar roles.
• Certifications such as CISSP CISM CEH or relevant Microsoft cloud certifications (Cybersecurity Architect and Azure Solutions Architect etc.) preferred.
• Expertise in designing and implementing security architecture in cloud environments particularly with Microsoft Azure and M365.
• Experience in managing identity and access management (IAM) in cloud environments including RBAC PAM and SoD frameworks.
• Experience with cloud compliance requirements and regulatory frameworks like GDPR HIPAA CCPA and NIST.

Education:

• Bachelors degree in computer science Engineering related field or equivalent work experience.

Specialized Knowledge and Skills:

• Expertise in Microsoft Azure and M365 security architecture.

• Expertise in cloud-native security tools such as Microsoft Sentinel Defender for Endpoint Defender for Identity and Intune.
• Experience in security engineering disciplines such as SIEM (Microsoft Sentinel) IAM and SOC management.
• Deep understanding of identity management authentication and authorization protocols (OAuth MFA etc.).
• Proficient in automating security processes and ensuring compliance with cloud security standards.
• Strong problem-solving and analytical skills with the ability to anticipate security risks in cloud environments.
• Strong knowledge of security concepts including system hardening vulnerability management and incident response.
• Excellent communication and leadership skills with the ability to influence across teams.
• Familiarity with SOC operations especially managing or overseeing outsourced SOC vendors

Pay range for this position is 117000 - 152000 depending on experience

Thorlabs values its diverse environment and is proud to be an Equal Employment Opportunity/Affirmative Action Employer. All qualified individuals will receive consideration for employment without regard to race color religion gender gender identity or expression sexual orientation national origin genetics disability age or veteran status. Job descriptions are not intended as and do not create employment contracts. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law.

Thorlabs offers a complete benefits package that includes medical dental and vision insurance company paid life insurance a generous PTO package a 401(k) plan and tuition reimbursement just to name a few.

Required Experience:

Staff IC