Job
Description
We are seeking an experienced Cloud Security Technical Team Lead to design, implement, and manage enterprise-grade security solutions across our clients Azure/AWS/GCP cloud environments. The ideal candidate will bring deep expertise in Cloud security domains, strong leadership skills, and hands-on experience in safeguarding cloud infrastructure, applications, and data. This role requires both strategic vision and technical execution to ensure our cloud ecosystems remain secure, compliant, and resilient. Roles and Responsibilities
Lead the design, implementation, and management of security solutions across multiple cloud environments.Define and enforce security policies, standards, and best practices aligned with organizational goals and compliance requirements.Partner with IT, Cloud, and Security teams to assess risks, recommend mitigations, and ensure security controls are consistently applied.Oversee threat modeling, risk assessments, and vulnerability management in cloud workloads.Monitor, analyze, and respond to security incidents in collaboration with the SOC team.Drive governance initiatives around identity, access, and privileged account management.Conduct regular audits of security configurations and ensure compliance with regulatory frameworks (e.g., ISO 27001, SOC2, GDPR, HIPAA).Provide technical leadership and mentorship to the cloud security team.Organizes and delegates workload for the team - Assigns resources to clients and Manages Utilization of the cloud security team.Stay updated on evolving cloud security technologies, tools, threats, and industry trends.Point of Contact for urgent and critical customer technical escalations
Core Cloud Security Domains Identity & Access Management (IAM)AzureAzure Active Directory (Azure AD), Conditional Access, Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), Privileged Identity Management (PIM).AWSAWS IAM Identity Center (formerly AWS SSO), IAM Roles & Policies, Attribute-Based Access Control (ABAC), MFA, AWS Organizations for centralized access control, and AWS IAM Access Analyzer for policy validation.Network SecurityAzureAzure Firewall, Network Security Groups (NSG), Application Security Groups (ASG), Azure DDoS Protection, Web Application Firewall (WAF), Private Link, Service Endpoints.AWSAWS Network Firewall, Security Groups, Network ACLs, AWS Shield (Standard & Advanced), AWS WAF, AWS PrivateLink, VPC Endpoints.Data Protection & EncryptionAzureAzure Key Vault, Azure Disk Encryption, Transparent Data Encryption (TDE), encryption in transit and at rest, Azure Confidential Computing.AWSAWS Key Management Service (KMS), AWS CloudHSM, EBS Encryption, S3 Server-Side Encryption (SSE), AWS Nitro Enclaves for confidential computing, TLS for encryption in transit.Application SecurityAzureSecure DevOps with Azure DevOps & GitHub Actions, API Management security, Web App security baselines, Azure Application Gateway with WAF.AWSAWS CodePipeline/CodeBuild for DevSecOps, AWS API Gateway with throttling and authorization, AWS WAF integrated with CloudFront or ALB, AWS AppConfig for safe deployments.Threat Protection & MonitoringAzureMicrosoft Defender for Cloud, Defender for Endpoint, Defender for Identity, Azure Sentinel (SIEM), Log Analytics.AWSAmazon GuardDuty, AWS Security Hub, AWS Inspector, AWS CloudTrail, Amazon Detective, AWS Config, and Amazon OpenSearch for SIEM-like capabilities.Compliance & GovernanceAzureAzure Policy, Azure Blueprints, Microsoft Purview Compliance Manager, Security Center recommendations.AWSAWS Config, AWS Organizations SCPs, AWS Audit Manager, AWS Artifact for compliance reports, AWS Control Tower for governance at scale.Vulnerability & Patch ManagementAzureMicrosoft Endpoint Manager (Intune), Azure Update Management, Defender for Endpoint vulnerability assessments.AWSAWS Systems Manager Patch Manager, AWS Inspector for vulnerability scanning, AWS Systems Manager State Manager for configuration compliance.Incident Response & Recovery AzureIntegration with SOC workflows, Azure Automation runbooks, Azure Backup, Azure Site Recovery.AWSAWS Systems Manager Automation for runbooks, AWS Backup, AWS Elastic Disaster Recovery (DRS), integration with third-party SIEM/SOAR tools.
Qualifications 8+ years of IT security experience, with 5+ years in cloud security.Proven expertise in cloud security architecture and operations.Strong knowledge of cloud-native security services and third-party integrations.Hands-on experience with cloud security such as Azure Sentinel, GuardDuty, Microsoft Defender suite.Familiarity with security standards and frameworks (e.g., NIST, CIS, HIPPA, FedRAMP).Strong leadership and communication skills to influence stakeholders and lead a team of cloud security engineers.Relevant certifications preferred, such asAZ-500 (Azure Security Engineer), SC-100 (Cybersecurity Architect Expert), CISSP, CISM, CCSP-Value Added, AWS Certified Security Specialty.
