Cloud Security Architect

Netenrich delivers complete Resolution Intelligence to transform digital operations into smarter business outcomes. With fifteen years’ innovation across IT, NetOps and SecOps, Netenrich applies a dynamic mix of machine and expert intelligence across a wide range of products and SaaS-based offerings. The solutions integrate with more than 140 market-leading IT and security applications to drive digital transformation, mitigate brand exposure, increase efficiencies, and bridge skills gaps. More than 6,000 customers and organizations worldwide rely on Netenrich to gain increased visibility and actionable intelligence across their IT and cloud networks. The company is privately owned and based in Santa Clara, CA.

Role/Title : Cloud Security Architect

Experience:  8-12 Years

Work Location: Hyderabad / Bhimavaram

Role:

We are looking for an experienced and hands-on Cloud Security Architect to join our team in Hyderabad/Bhimavaram. The role requires a deep understanding of cloud-native application protection platforms (CNAPP) such as Wiz, and a strong technical foundation in securing production environments at scale. The candidate must be able to design, implement, and continuously improve security across operating systems, applications, and multi-cloud services (AWS, Azure, GCP).

This role will act as a bridge between security, infrastructure, DevOps, and application teams, ensuring that security is embedded across the entire lifecycle — from architecture and design to deployment and operations — while aligning with industry best practices and compliance frameworks.

Key Responsibilities:

Cloud Security Architecture & Design

●       Architect secure, scalable, resilient multi-cloud solutions; assess and uplift existing landing zones (AWS Control Tower, Azure ALZ, GCP LZ) with zero-trust patterns and segmentation.

●       Lead adoption and tuning of CNAPP (Wiz preferred) for posture, vulnerability, CIEM, container, and compliance monitoring; integrate into incident/change workflows.

●       Publish reference architectures and guardrails for IaaS, PaaS, containers/Kubernetes, serverless, and SaaS; embed least-privilege IAM, KMS/Key Vault/Cloud KMS, encryption in transit/at rest, tokenization, and secrets management.

●       Partner with platform, SRE, and app teams to embed security by design (threat modeling, architecture reviews, security NFRs).

Managed Cloud Security Operations (Posture, Enforcement & Optimization)

●       Operate and continuously improve CNAPP (Wiz preferred)

Run CSPM/CWPP/CIEM day-to-day:

Continuous compliance:

Identity & access guardrails:

Kubernetes & container runtime ops:

Vulnerability & patch orchestration:

Data protection posture:

SIEM/SOAR/XDR integration:

FinOps-aware security:

Reporting & stakeholder comms:

Ops success metrics (examples):

Governance, Risk & Compliance

●       Establish and maintain policies, baselines, and control mappings to ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, NIST CSF/800-53, CIS Benchmarks.

●       Enable continuous compliance via CNAPP/cloud config rules and automated evidence collection.

●       Lead/assist audits and security questionnaires; produce risk assessments, gap analyses, POA&Ms, and executive readouts.

Threat Management & Incident Response

●       Conduct threat modeling and attack-surface analysis (cloud, container, API); run red/blue/purple exercises for cloud scenarios.

●       Build playbooks/integrations with SIEM/SOAR/XDR; lead/assist incident triage, forensics, RCA, and post-incident hardening.

●       Track and mitigate evolving threats (supply chain, container/runtime exploits, misconfigurations, API abuse).

Requirement:

Technical Expertise

●       Proven hands-on experience with CNAPP solutions (preferably Wiz; experience with Prisma Cloud, Orca Security, or Lacework is a plus).

●       Strong knowledge of cloud provider security services (AWS IAM, KMS, GuardDuty, Security Hub; Azure Defender, Sentinel, Key Vault; GCP Security Command Center, IAM).

●       Expertise in Kubernetes and container security (admission controllers, pod security policies, runtime protection, image scanning).

●       Proficiency in operating system hardening (Linux, Windows) and application-level security.

●       Hands-on scripting/automation experience (Python, PowerShell, Bash, Terraform, or similar).

●       Familiarity with identity federation, secrets management, encryption, PKI, and key rotation practices.

Professional Background

●       8–12 years of IT/security experience, with at least 4–6 years in cloud security architecture and engineering.

●       Demonstrated track record of securing large-scale, production-grade cloud environments.

●       Certifications strongly preferred:

○       Cloud:

Security:

Soft Skills

●       Strong analytical and problem-solving abilities with a hands-on, solution-oriented mindset.

●       Excellent communication and documentation skills to effectively engage senior leadership, engineers, and auditors.

●       Ability to balance practical security with business enablement.

●       Team player who can influence without authority and drive cross-functional initiatives.

Preferred Qualifications

●       Experience with SIEM, SOAR, and XDR solutions for cloud monitoring and incident management.

●       Knowledge of DevSecOps pipelines with tools like GitHub Actions, Jenkins, GitLab CI/CD, or Azure DevOps.

●       Contributions to cloud security research, open-source projects, or community forums.

If not you, know anyone who is good for this role? If yes, please refer to fathima.khanam@netenrich.com