Cloud Security Technical Team Lead

Job Description We are seeking an experienced Cloud Security Technical Team Lead to design, implement, and manage enterprise-grade security solutions across our clients Azure/AWS/GCP cloud environments. The ideal candidate will bring deep expertise in Cloud security domains, strong leadership skills, and hands-on experience in safeguarding cloud infrastructure, applications, and data. This role requires both strategic vision and technical execution to ensure our cloud ecosystems remain secure, compliant, and resilient. Roles And Responsibilities - Lead the design, implementation, and management of security solutions across multiple cloud environments. - Define and enforce security policies, standards, and best practices aligned with organizational goals and compliance requirements. - Partner with IT, Cloud, and Security teams to assess risks, recommend mitigations, and ensure security controls are consistently applied. - Oversee threat modeling, risk assessments, and vulnerability management in cloud workloads. - Monitor, analyze, and respond to security incidents in collaboration with the SOC team. - Drive governance initiatives around identity, access, and privileged account management. - Conduct regular audits of security configurations and ensure compliance with regulatory frameworks (e.g., ISO 27001, SOC2, GDPR, HIPAA). - Provide technical leadership and mentorship to the cloud security team. - Organizes and delegates workload for the team - Assigns resources to clients and Manages Utilization of the cloud security team. - Stay updated on evolving cloud security technologies, tools, threats, and industry trends. - Point of Contact for urgent and critical customer technical escalations Core Cloud Security Domains - Identity & Access Management (IAM) - Azure: Azure Active Directory (Azure AD), Conditional Access, Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), Privileged Identity Management (PIM). - AWS: AWS IAM Identity Center (formerly AWS SSO), IAM Roles & Policies, Attribute-Based Access Control (ABAC), MFA, AWS Organizations for centralized access control, and AWS IAM Access Analyzer for policy validation. - Network Security - Azure: Azure Firewall, Network Security Groups (NSG), Application Security Groups (ASG), Azure DDoS Protection, Web Application Firewall (WAF), Private Link, Service Endpoints. - AWS: AWS Network Firewall, Security Groups, Network ACLs, AWS Shield (Standard & Advanced), AWS WAF, AWS PrivateLink, VPC Endpoints. - Data Protection & Encryption - Azure: Azure Key Vault, Azure Disk Encryption, Transparent Data Encryption (TDE), encryption in transit and at rest, Azure Confidential Computing. - AWS: AWS Key Management Service (KMS), AWS CloudHSM, EBS Encryption, S3 Server-Side Encryption (SSE), AWS Nitro Enclaves for confidential computing, TLS for encryption in transit. - Application Security - Azure: Secure DevOps with Azure DevOps & GitHub Actions, API Management security, Web App security baselines, Azure Application Gateway with WAF. - AWS: AWS CodePipeline/CodeBuild for DevSecOps, AWS API Gateway with throttling and authorization, AWS WAF integrated with CloudFront or ALB, AWS AppConfig for safe deployments. - Threat Protection & Monitoring - Azure: Microsoft Defender for Cloud, Defender for Endpoint, Defender for Identity, Azure Sentinel (SIEM), Log Analytics. - AWS: Amazon GuardDuty, AWS Security Hub, AWS Inspector, AWS CloudTrail, Amazon Detective, AWS Config, and Amazon OpenSearch for SIEM-like capabilities. - Compliance & Governance - Azure: Azure Policy, Azure Blueprints, Microsoft Purview Compliance Manager, Security Center recommendations. - AWS: AWS Config, AWS Organizations SCPs, AWS Audit Manager, AWS Artifact for compliance reports, AWS Control Tower for governance at scale. - Vulnerability & Patch Management - Azure: Microsoft Endpoint Manager (Intune), Azure Update Management, Defender for Endpoint vulnerability assessments. - AWS: AWS Systems Manager Patch Manager, AWS Inspector for vulnerability scanning, AWS Systems Manager State Manager for configuration compliance. - Incident Response & Recovery - Azure: Integration with SOC workflows, Azure Automation runbooks, Azure Backup, Azure Site Recovery. - AWS: AWS Systems Manager Automation for runbooks, AWS Backup, AWS Elastic Disaster Recovery (DRS), integration with third-party SIEM/SOAR tools. Qualifications - 8+ years of IT security experience, with 5+ years in cloud security. - Proven expertise in cloud security architecture and operations. - Strong knowledge of cloud-native security services and third-party integrations. - Hands-on experience with cloud security such as Azure Sentinel, GuardDuty, Microsoft Defender suite. - Familiarity with security standards and frameworks (e.g., NIST, CIS, HIPPA, FedRAMP). - Strong leadership and communication skills to influence stakeholders and lead a team of cloud security engineers. - Relevant certifications preferred, such as: AZ-500 (Azure Security Engineer), SC-100 (Cybersecurity Architect Expert), CISSP, CISM, CCSP-Value Added, AWS Certified Security Specialty.