At Capco we specialize in management consulting and technology transformation for the financial services industry. We combine innovative thinking with deep industry expertise to help our clients navigate complex change deliver meaningful outcomes and build future-ready organizations.
Our culture is entrepreneurial collaborative and inclusive. We empower our people to challenge the status quo take ownership and make an impact from day one.
As we continue to expand our Cloud and Cybersecurity capabilities we are looking for an experienced Cloud Architect Security & Guardrails (AWS/Azure) to help shape and secure enterprise-scale cloud environments.
ROLE OVERVIEW:
We are seeking a highly skilled Cloud Architect specializing in Multi-Cloud Security Operations and Governance to secure and enhance enterprise AWS and Azure environments.
This role goes beyond traditional cloud architecture. You will design and implement robust defense-in-depth security frameworks establish automated compliance guardrails integrate advanced security platforms and drive cloud security governance across complex environments.
Working at the intersection of Cloud Engineering Cybersecurity Risk and Security Operations you will play a key role in ensuring cloud platforms remain secure compliant resilient and continuously monitored.
KEY RESPONSIBILITIES:
Cloud Security Governance & Guardrails
Design implement and enforce security baselines and preventative guardrails across AWS and Azure environments.
Develop governance frameworks leveraging:
AWS Organizations
Service Control Policies (SCPs)
AWS Control Tower
Azure Policy
Azure Landing Zones
Ensure alignment with internal security standards regulatory requirements and industry best practices.
SIEM Monitoring & Logging Architecture
Design and optimize multi-cloud logging and monitoring strategies.
Build scalable telemetry pipelines integrating:
AWS CloudTrail
Amazon GuardDuty
Azure Activity Logs
Microsoft Defender for Cloud
Enable centralized visibility through enterprise SIEM platforms such as:
Microsoft Sentinel
Splunk
Support real-time threat detection correlation investigation and alerting capabilities.
Endpoint & Workload Protection
Define architecture and deployment strategies for:
EDR/XDR solutions
Cloud Workload Protection Platforms (CWPP)
Secure virtual machines containers Kubernetes environments and serverless workloads across cloud platforms.
Collaborate with Security Operations teams to enhance threat detection and response.
Vulnerability & Security Posture Management
Implement and optimize Cloud Security Posture Management (CSPM) capabilities.
Establish enterprise vulnerability management processes across cloud assets.
Enable continuous security scanning for:
Cloud misconfigurations
Infrastructure vulnerabilities
Container images
Operating systems
Develop automated remediation workflows and security playbooks.
Identity & Access Security
Design and enforce Zero-Trust security principles.
Strengthen Identity and Access Management (IAM) governance across cloud platforms.
Implement:
Just-In-Time (JIT) access
Privileged Access Management (PAM)
Role-Based Access Control (RBAC)
Federated identity solutions
Partner with security stakeholders to reduce privileged access risks.
Security Technology Integration
Evaluate deploy and govern best-in-class cloud security technologies.
Drive consistent security controls and operational excellence across the cloud ecosystem.
REQUIRED QUALIFICATIONS:
Extensive experience designing and securing enterprise-scale AWS and Azure knowledge of cloud-native security services controls and governance -on expertise with:
SIEM platforms
EDR/XDR technologies
Vulnerability management solutions
CSPM tools
Strong experience implementing:
Azure Policy
AWS Control Tower
Service Control Policies (SCPs)
Cloud governance frameworks
Advanced Infrastructure as Code (IaC) skills particularly with embedding security controls into CI/CD and cloud deployment understanding of:
Modern cyber threats
MITRE ATT&CK framework
Cloud attack vectors
Security monitoring and incident response processes
Proven ability to collaborate effectively with:
Cloud Engineering teams
Security Operations Centers (SOC)
Risk Compliance and Audit functions
Excellent stakeholder management and communication skills.
We offer a flexible collaboration model based on a B2B contract with the opportunity to work on diverse projects.
Recruitment Process:
HR Interview with the recruiter
Technical Interview
Client Interview
Feedback and offer
#LI-HYBRID
Required Experience:
Staff IC
CAPCO POLAND*We are looking for Poland based candidate.At Capco we specialize in management consulting and technology transformation for the financial services industry. We combine innovative thinking with deep industry expertise to help our clients navigate complex change deliver meaningful outcome...
CAPCO POLAND
*We are looking for Poland based candidate.
At Capco we specialize in management consulting and technology transformation for the financial services industry. We combine innovative thinking with deep industry expertise to help our clients navigate complex change deliver meaningful outcomes and build future-ready organizations.
Our culture is entrepreneurial collaborative and inclusive. We empower our people to challenge the status quo take ownership and make an impact from day one.
As we continue to expand our Cloud and Cybersecurity capabilities we are looking for an experienced Cloud Architect Security & Guardrails (AWS/Azure) to help shape and secure enterprise-scale cloud environments.
ROLE OVERVIEW:
We are seeking a highly skilled Cloud Architect specializing in Multi-Cloud Security Operations and Governance to secure and enhance enterprise AWS and Azure environments.
This role goes beyond traditional cloud architecture. You will design and implement robust defense-in-depth security frameworks establish automated compliance guardrails integrate advanced security platforms and drive cloud security governance across complex environments.
Working at the intersection of Cloud Engineering Cybersecurity Risk and Security Operations you will play a key role in ensuring cloud platforms remain secure compliant resilient and continuously monitored.
KEY RESPONSIBILITIES:
Cloud Security Governance & Guardrails
Design implement and enforce security baselines and preventative guardrails across AWS and Azure environments.
Develop governance frameworks leveraging:
AWS Organizations
Service Control Policies (SCPs)
AWS Control Tower
Azure Policy
Azure Landing Zones
Ensure alignment with internal security standards regulatory requirements and industry best practices.
SIEM Monitoring & Logging Architecture
Design and optimize multi-cloud logging and monitoring strategies.
Build scalable telemetry pipelines integrating:
AWS CloudTrail
Amazon GuardDuty
Azure Activity Logs
Microsoft Defender for Cloud
Enable centralized visibility through enterprise SIEM platforms such as:
Microsoft Sentinel
Splunk
Support real-time threat detection correlation investigation and alerting capabilities.
Endpoint & Workload Protection
Define architecture and deployment strategies for:
EDR/XDR solutions
Cloud Workload Protection Platforms (CWPP)
Secure virtual machines containers Kubernetes environments and serverless workloads across cloud platforms.
Collaborate with Security Operations teams to enhance threat detection and response.
Vulnerability & Security Posture Management
Implement and optimize Cloud Security Posture Management (CSPM) capabilities.
Establish enterprise vulnerability management processes across cloud assets.
Enable continuous security scanning for:
Cloud misconfigurations
Infrastructure vulnerabilities
Container images
Operating systems
Develop automated remediation workflows and security playbooks.
Identity & Access Security
Design and enforce Zero-Trust security principles.
Strengthen Identity and Access Management (IAM) governance across cloud platforms.
Implement:
Just-In-Time (JIT) access
Privileged Access Management (PAM)
Role-Based Access Control (RBAC)
Federated identity solutions
Partner with security stakeholders to reduce privileged access risks.
Security Technology Integration
Evaluate deploy and govern best-in-class cloud security technologies.
Drive consistent security controls and operational excellence across the cloud ecosystem.
REQUIRED QUALIFICATIONS:
Extensive experience designing and securing enterprise-scale AWS and Azure knowledge of cloud-native security services controls and governance -on expertise with:
SIEM platforms
EDR/XDR technologies
Vulnerability management solutions
CSPM tools
Strong experience implementing:
Azure Policy
AWS Control Tower
Service Control Policies (SCPs)
Cloud governance frameworks
Advanced Infrastructure as Code (IaC) skills particularly with embedding security controls into CI/CD and cloud deployment understanding of:
Modern cyber threats
MITRE ATT&CK framework
Cloud attack vectors
Security monitoring and incident response processes
Proven ability to collaborate effectively with:
Cloud Engineering teams
Security Operations Centers (SOC)
Risk Compliance and Audit functions
Excellent stakeholder management and communication skills.
We offer a flexible collaboration model based on a B2B contract with the opportunity to work on diverse projects.