Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Cloud Security Architecture
Good to have skills : NA
Minimum 7.5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary: As a Cloud Security Architect, you will lead the design and implementation of secure cloud architectures with a primary focus on Amazon Web Services (AWS) and complementary expertise in Microsoft Azure and other cloud platforms. You will define and enforce cloud security frameworks, ensuring alignment with business goals, compliance standards (CIS, NIST, PCI-DSS, ISO 27001), and performance benchmarks. Your role involves collaborating across teams to integrate security controls, automate governance, and transition legacy systems to cloud-native security operations. Staying abreast of emerging threats, tools (e.g., CSPM, CNAPP, CWPP), and best practices is essential to continuously enhance the organization’s security posture. Roles & Responsibilities: - Architect and implement secure AWS Landing Zones using Control Tower, Service Control Policies (SCPs), IAM, and VPC design. - Deploy and manage AWS-native security services: Security Hub, GuardDuty, Macie, Inspector, KMS, WAF, Shield, CloudTrail, Config, and IAM Access Analyzer. - Implement Azure Sentinel, Microsoft Defender for Cloud, MDI, MDE, MDCA, O365 Security & Compliance, DLP, AIP, Azure Policy, Firewall, WAF, Key Vault, NSG/ASG, Logic Apps, Azure Functions, and Microsoft Purview. - Design and enforce Zero Trust Architecture and tag-based access control in AWS using Lake Formation, Glue, and cross-account IAM policies. - Develop and automate security playbooks, workbooks, and threat hunting queries using KQL, rsyslog scripting, and Lambda functions. - Lead implementation and governance of CSPM, CNAPP, and CWPP tools across multi-cloud environments. - Conduct security assessments, risk evaluations, and penetration testing of cloud environments. - Migrate on-premise security services to cloud-native equivalents, ensuring minimal latency and maximum compliance. - Collaborate with application teams to align cloud security roles and privileges during migration and build phases. - Create reusable automation assets using Terraform, CloudFormation, and Ansible for Infrastructure as Code (IaC) deployments. - Maintain comprehensive documentation of cloud security policies, procedures, and audit trails. - Present security architecture and findings to clients and stakeholders, supporting workshops and orals. - Drive governance and compliance initiatives, including DMARC, SMTP relay, DLP, and email attachment filtering. Professional & Technical Skills: - Deep expertise in AWS Security Architecture: IAM, KMS, Security Hub, GuardDuty, Macie, Lake Formation, Glue. - Strong working knowledge of Azure Security Services: Sentinel, Defender Suite, Policy, Firewall, WAF, Key Vault, Logic Apps, Functions. - Proficiency in cloud-native security tools and automation frameworks: Terraform, CloudFormation, Ansible. - Hands-on experience with CSPM, CNAPP, and CWPP platforms. - Familiarity with DevSecOps, CI/CD pipelines, and secure code repositories. - Advanced understanding of compliance frameworks: CIS, NIST, PCI-DSS, ISO 27001. - Experience in security assessments, threat modeling, and incident response. - Knowledge of application security, network segmentation, and data protection. - Strong presentation and client-facing communication skills. - Certifications: AWS Solutions Architect, Azure Administrator (AZ-104), Azure Solutions Architect (AZ-305), DevOps Engineer Expert (AZ-400). Additional Information: - Minimum 10 years of experience in Cloud Security Architecture. - Position based at Bengaluru office. - 15 years of full-time education required.