Cloud Security Architect

Job Title: Cloud Security ArchitectDescription:The role involves designing and implementing a comprehensive security strategy for cloud environments. The ideal candidate will have experience in multi-cloud security, including AWS and Azure, and be able to apply Zero Trust principles across all layers of identity, access, data, and infrastructure.Responsibilities:Design and implement secure cloud architectures that align with organizational standards and regulatory requirements.Manage and harden cloud environments using AWS services (EC2, S3, RDS, IAM, VPC, CloudFormation, Route 53, CloudWatch) and Azure services (VMs, Storage, Networking, Azure AD, Synapse).Apply Zero Trust principles across all cloud layers, enforcing segmentation, least privilege, and secure access policies.Conduct regular cloud security posture reviews and audits, ensuring adherence to frameworks such as ISO 27001, NIST, CIS, and SCA.Microsoft & Identity Security Management:The successful candidate will also be responsible for administering and securing Microsoft 365, Exchange, Active Directory, and Windows Server OS environments.Administer and secure Microsoft 365, Exchange, Active Directory, and Windows Server OS environments.Ensure effective management of domain services, identity synchronization, and group policies.Implement Conditional Access, MFA, and Privileged Access Management (PAM) controls to protect user and administrative identities.Integrate and maintain identity federation between cloud and on-prem systems for unified authentication.Infrastructure Operations & BAU Security:The role requires oversight of infrastructure backup and restore operations, patching, monitoring, and capacity management.Oversee infrastructure BAU operations including backups, patching, monitoring, and capacity management.Lead SecOps activities including endpoint patching, vulnerability remediation, and system hardening.Manage both Windows and Linux operating systems, ensuring compliance with hardening benchmarks.Collaborate with the NOC team to ensure continuous monitoring, incident response, and SLA compliance.Automation, DevSecOps & Infrastructure as Code (IaC):The ideal candidate should have hands-on expertise in implementing CI/CD pipelines using Azure DevOps, AWS CodePipeline, or GitHub Actions, as well as applying IaC principles using Terraform, CloudFormation, ARM, Bicep, or Ansible.Implement and manage CI/CD pipelines using Azure DevOps (preferred), AWS CodePipeline, and GitHub Actions.Apply Infrastructure as Code (IaC) principles using Terraform, CloudFormation, ARM, Bicep, and Ansible to automate provisioning and enforce secure configurations.Integrate security scanning (SAST, DAST, dependency checks) into development and deployment pipelines.Deploy and manage container platforms (Amazon EKS, Azure AKS) with secure baseline configurations.Security Operations (SOC) & Incident Management:The successful candidate will oversee SOC operations, ensuring effective monitoring, alert triage, and incident response, as well as utilize SIEM/SOAR tools for centralized visibility and automation.Oversee SOC operations, ensuring effective monitoring, alert triage, and incident response.Utilize SIEM/SOAR tools (Azure Sentinel, Splunk, AWS Security Hub) for centralized visibility and automation.Lead the incident response lifecycle—detection, containment, investigation, remediation, and lessons learned.Conduct root cause analysis for major incidents and ensure continuous improvement of detection rules.Required Qualifications & Experience:The ideal candidate will possess a Bachelor's degree in Computer Science, Information Security, or related field, along with 10+ years of IT and security experience, including at least 5 years in multi-cloud (AWS and Azure) security.Bachelor's degree in Computer Science, Information Security, or related field (Master's preferred).10+ years of IT and security experience, with at least 5 years in multi-cloud (AWS and Azure) security.Proven track record designing and managing cloud and hybrid security architectures.Experience implementing Zero Trust frameworks and securing cloud infrastructure and endpoints.Hands-on expertise with IAM, EDR, DLP, encryption, and vulnerability management tools.Experience managing SOC/SecOps and supporting compliance with ISO 27001, NIST, and SCA standards.Certifications:CISSP or CCSP (required)AWS Certified Security – Specialty (preferred)Microsoft Certified: Cybersecurity Architect Expert or Azure Security Engineer Associate (preferred)ISO 27001 Lead Implementer or Zero Trust Certified Architect (advantage)ITIL Foundation (preferred)Skills & Competencies:The ideal candidate will possess strong analytical and problem-solving skills, with excellent communication skills to interact with technical and non-technical stakeholders.Cloud security architecture (AWS & Azure).Identity and access management (IAM, PAM, MFA, Conditional Access).Infrastructure as Code (Terraform, CloudFormation, ARM, Bicep, Ansible).SOC and SecOps operations management.Endpoint and vulnerability management (EDR, patching, DLP).DevSecOps and CI/CD integration (Azure DevOps preferred).Networking, firewalls, VPN, and hybrid connectivity security.Compliance with ISO 27001, NIST, and SCA frameworks.Disaster Recovery and business resilience planning.Continuous learning and adaptability to evolving threats and technologies.About Us:We are a [company_name] dedicated to delivering high-quality solutions to our clients. If you're passionate about cloud security and want to join a dynamic team, we encourage you to submit your application.