Security Architect

Job responsibilities

• Design, implement, and maintain secure cloud infrastructures across public and private cloud environments (AWS, OpenStack, Azure, GCP), ensuring the integration of best security practices and alignment with business goals.
• Develop and execute a comprehensive cloud security strategy that integrates security requirements into cloud architecture and development processes, focusing on continuous improvement and threat mitigation.
• Architect and implement robust network security solutions, including firewalls, intrusion detection systems (IDS/IPS), VPNs, and secure remote access, ensuring the confidentiality, integrity, and availability of cloud-based assets.
• Design, configure, and manage Web Application Firewalls (WAF) to protect web applications from external threats such as DDoS, SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.
• Conduct regular security assessments, penetration testing, and vulnerability assessments to identify and mitigate security risks in cloud environments and network infrastructure.
• Lead the automation of security processes, implementing infrastructure-as-code (IaC) for secure and compliant cloud deployments using tools such as Terraform and CloudFormation. Ensure compliance with industry standards and regulations (e.g., SOC 2, ISO 27001, GDPR, NIST).
• Establish incident response protocols for cloud environments, leading investigations and remediating security incidents across cloud and network infrastructures.
• Manage and integrate cloud security tools, including identity and access management (IAM), encryption solutions, cloud-native security services (e.g., AWS Guard Duty, Azure Security Centre), and third-party solutions like WAF and EDR.
• Provide guidance and mentorship to junior security engineers and other stakeholders on cloud security best practices, threat intelligence, and network security design.
• Maintain thorough documentation of cloud security architectures, configurations, incident response actions, and risk assessments. Regularly report to senior management on security posture and improvements.
• Stay up to date with the latest security threats, vulnerabilities, and mitigation techniques, especially for cloud security and network infrastructure. Proactively design solutions to combat emerging threats.

Skills

• Extensive experience in designing and implementing secure cloud infrastructures and services, with proficiency in one or more cloud platforms (AWS, OpenStack, Azure, Google Cloud).
• Deep understanding of network security concepts and practices including firewalls, VPNs, proxy servers, IDS/IPS, and network access control in cloud environments.
• Hands-on experience in implementing, configuring, and managing WAF solutions (e.g., AWS WAF, Azure WAF) to protect applications from external attacks, including DDoS, XSS, and SQL injections.
• Expertise in configuring and managing IAM policies, roles, and permissions in cloud environments to enforce least-privilege access and mitigate insider threats.
• Strong knowledge of security standards and frameworks such as ISO 27001, SOC 2, NIST, GDPR, and PCI-DSS, and experience ensuring compliance in cloud and network security projects.
• Experience with cloud-based security monitoring tools (e.g., AWS Guard Duty, Azure Sentinel) and leading incident response efforts for cloud security incidents.
• Experience conducting vulnerability assessments, penetration tests, and security audits to identify weaknesses and implement remediation strategies in cloud and network environments.
• Deep understanding of security architecture principles and designing systems with a Security by Design” mindset to safeguard cloud and network infrastructure.
• Knowledge of data encryption techniques for data-at-rest and data-in-transit and securing data storage and communication in cloud environments.
• Ability to lead and mentor teams of security engineers, fostering collaboration across security, DevOps, and network engineering teams.
• Should be comfortable working with different teams and have good communication skills.

Qualifications

• 8+ years of experience leading security initiatives for enterprises in an information security (InfoSec) consultant or architect role.
• Prior experience as a team lead or role mentoring junior team members.
• AWS, CEH, OSCP, AWS Certified Security Specialty or CISSP Certifications preferred.