Role Summary

Responsible for designing and securing cloud and network architectures across multi-cloud and hybrid environments. Oversees perimeter protection (WAF, Bot Management, DDoS), CSPM/CNAPP, hardening, and vulnerability management of cloud and network infrastructure.

Key Responsibilities by Domain

1. Cloud Security Architecture (Multi-cloud)
- Design secure landing zones for AWS, Azure, and GCP, including VPC/VNet, IAM, and governance.
- Implement guardrails via SCPs, Azure Policies, and organizational controls.
- Deploy and manage CSPM/CNAPP (Wiz, Prisma Cloud, Orca) for continuous security monitoring.
- Architect secure PaaS, Kubernetes (EKS/AKS/GKE), serverless, and container workloads.
- Integrate security into DevOps and Infrastructure as Code (Terraform, CloudFormation).

2. Network Security Architecture & Segmentation
- Design secure segmentation across cloud and hybrid networks (north-south, east-west).
- Establish and manage DMZs, bastion networks, and shared service VPCs/VNets.
- Define micro-segmentation using NSGs, Security Groups, and firewalls.
- Apply Zero Trust principles across all network communications.

3. Perimeter & Edge Security
- Architect and manage WAFs (Akamai, Cloudflare, AWS WAF, Azure WAF).
- Configure policies for WAF, DDoS, and Bot Management solutions.
- Protect APIs and portals from automation attacks.
- Design endpoint strategies for critical public/private services.

4. Security Hardening & Configuration Management
- Define CIS/compliance-based hardening baselines for all cloud services.
- Harden cloud-native networking (VPC Peering, Transit Gateway, Private Link).
- Review NSG/firewall rules for least privilege and secure routing.
- Enforce encryption and TLS controls, and disable legacy protocols.

5. Cloud Identity & Access Management (IAM)
- Architect federated SSO (SAML/OIDC) via Azure AD, Okta, or equivalent IdPs.
- Enforce least privilege roles, permission boundaries, and JIT access.
- Remediate privilege escalations and excessive entitlements.

6. Security Monitoring & Compliance Enablement
- Define log architecture integrating CSPM, WAF, DDoS, and network logs into the SIEM.
- Enable audit logging and correlate security events for threat visibility.
- Support compliance evidence for PCI DSS, RBI, and ISO 27001 frameworks.

Preferred Experience and Qualifications
- 8–10 years in cloud and network security architecture or engineering.
- Strong understanding of the OSI model, routing, VPNs, firewall technologies, WAF, and DDoS.
- Proficient with cloud-native security controls and CNAPP tools.
- Experience designing scalable, secure multi-cloud infrastructure.
- Certifications: CISSP, GIAC GSEC/GXPN (preferred but not mandatory).