AWS Cloud Security Architect
We are seeking a highly skilled Cloud Security Architect with deep expertise in AWS to lead the design, assessment, and governance of secure cloud environments for our clients. This role is central to delivering security consulting engagements, including architecture design, risk assessments, compliance mapping, and cloud-native control implementation. The ideal candidate will combine technical excellence in AWS and multi-cloud platforms with strong client advisory skills, helping organizations enhance their security posture, implement scalable guardrails, and adopt modern DevSecOps and CNAPP practices. This position also involves mentoring junior staff, contributing to internal methodologies, and supporting pre-sales and solutioning efforts within a fast-growing consultancy environment.
Roles and Responsibilities:
Design secure cloud architectures and reference models for AWS and multi-cloud environments
Conduct in-depth cloud security assessments to identify security misconfigurations, architecture and cloud operations risks, and compliance gaps
Advise clients on AWS identity and access management strategies including IAM roles, policies, federation, and ABAC/RBAC models
Develop and implement cloud governance strategies including tagging taxonomies, policy enforcement with SCPs, RCPs, DPs, and Policy as Code patterns
Perform threat modeling and risk assessments for cloud-native applications and workloads
Guide secure implementation of Infrastructure as Code with Terraform, CloudFormation, and AWS CDK
Integrate security controls into client CI/CD pipelines and DevOps workflows
Understanding of CNAPP (CSPM, CIEM, and CWPP) tooling and how it may supplement and/or replace cloud-native solutions
Work with internal pre-sales teams in identifying use-cases and opportunities for third-party security tooling (e.g., CNAPP, Secrets Management, data security, cloud detection and response, NHI, etc.)
Map cloud security controls to regulatory frameworks like PCI, SOC 2, HITRUST, NIST, ISO 27001, etc.
Assist clients with continuous compliance and audit readiness in cloud environments
Prepare and present client deliverables such as security roadmaps, process improvements, gap analyses, architecture diagrams, cloud security strategies, and custom deliverables based on the needs of the client
Lead AWS security workshops, technical interviews, and stakeholder briefings
Contribute to internal methodologies, templates, and reusable assessment frameworks
Mentor junior consultants and support knowledge sharing within the consultancy
Assist with scoping and pre-sales activities including proposals and statements of work (SOWs)
Experience & Technical Proficiency
Minimum of 5 years of designing AWS architecture and operating AWS workloads in medium to large AWS environments
AWS knowledge must include networking, data security, identity and access management, and automation, and extensive hands-on with Amazon’s cloud-native security tooling services
Strong knowledge of IAM patterns (RBAC, ABAC), federated access, permission boundaries, SCPs, and RCPs
Proficiency in Infrastructure as Code (Terraform, CloudFormation) and secure coding practices
Experience with CIEM, CSPM, or CWPP tools
Skilled in threat modeling, risk analysis, and mapping controls to frameworks (e.g., NIST, CIS, MITRE ATT&CK)
Development knowledge or experience with Infrastructure as Code (IaC), such as Terraform, CloudFormation, or CDK
Working knowledge with the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM)
Familiarity with DevSecOps practices and integrating security into CI/CD pipelines
Scripting or automation skills (e.g., Python, Bash, or PowerShell)
Leadership and Collaboration
Ability to lead technical workshops, discovery sessions, and architecture reviews with clients
Comfortable advising both technical and non-technical stakeholders on cloud security strategy
Skilled in producing high-quality deliverables and communicating complex concepts clearly
Experience mentoring junior staff or guiding cross-functional teams on cloud security best practices
Collaborative mindset with a strong consulting presence and client service orientation
Education & Certifications
Bachelor’s or equivalent experience in Cybersecurity, Computer Science, Engineering, or related field.
Preferred certifications:
CISSP, CCSP, CCSK
AWS Cloud certifications: AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional
Other CSP Certifications: Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer
Ongoing commitment to professional development and staying current with cloud and security trends and certifications.
AWS Cloud Security Architect
We are seeking a highly skilled Cloud Security Architect with deep expertise in AWS to lead the design, assessment, and governance of secure cloud environments for our clients. This role is central to delivering security consulting engagements, including architecture design, risk assessments, compliance mapping, and cloud-native control implementation. The ideal candidate will combine technical excellence in AWS and multi-cloud platforms with strong client advisory skills, helping organizations enhance their security posture, implement scalable guardrails, and adopt modern DevSecOps and CNAPP practices. This position also involves mentoring junior staff, contributing to internal methodologies, and supporting pre-sales and solutioning efforts within a fast-growing consultancy environment.
Roles and Responsibilities:
Design secure cloud architectures and reference models for AWS and multi-cloud environments
Conduct in-depth cloud security assessments to identify security misconfigurations, architecture and cloud operations risks, and compliance gaps
Advise clients on AWS identity and access management strategies including IAM roles, policies, federation, and ABAC/RBAC models
Develop and implement cloud governance strategies including tagging taxonomies, policy enforcement with SCPs, RCPs, DPs, and Policy as Code patterns
Perform threat modeling and risk assessments for cloud-native applications and workloads
Guide secure implementation of Infrastructure as Code with Terraform, CloudFormation, and AWS CDK
Integrate security controls into client CI/CD pipelines and DevOps workflows
Understanding of CNAPP (CSPM, CIEM, and CWPP) tooling and how it may supplement and/or replace cloud-native solutions
Work with internal pre-sales teams in identifying use-cases and opportunities for third-party security tooling (e.g., CNAPP, Secrets Management, data security, cloud detection and response, NHI, etc.)
Map cloud security controls to regulatory frameworks like PCI, SOC 2, HITRUST, NIST, ISO 27001, etc.
Assist clients with continuous compliance and audit readiness in cloud environments
Prepare and present client deliverables such as security roadmaps, process improvements, gap analyses, architecture diagrams, cloud security strategies, and custom deliverables based on the needs of the client
Lead AWS security workshops, technical interviews, and stakeholder briefings
Contribute to internal methodologies, templates, and reusable assessment frameworks
Mentor junior consultants and support knowledge sharing within the consultancy
Assist with scoping and pre-sales activities including proposals and statements of work (SOWs)
Experience & Technical Proficiency
Minimum of 5 years of designing AWS architecture and operating AWS workloads in medium to large AWS environments
AWS knowledge must include networking, data security, identity and access management, and automation, and extensive hands-on with Amazon’s cloud-native security tooling services
Strong knowledge of IAM patterns (RBAC, ABAC), federated access, permission boundaries, SCPs, and RCPs
Proficiency in Infrastructure as Code (Terraform, CloudFormation) and secure coding practices
Experience with CIEM, CSPM, or CWPP tools
Skilled in threat modeling, risk analysis, and mapping controls to frameworks (e.g., NIST, CIS, MITRE ATT&CK)
Development knowledge or experience with Infrastructure as Code (IaC), such as Terraform, CloudFormation, or CDK
Working knowledge with the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM)
Familiarity with DevSecOps practices and integrating security into CI/CD pipelines
Scripting or automation skills (e.g., Python, Bash, or PowerShell)
Leadership and Collaboration
Ability to lead technical workshops, discovery sessions, and architecture reviews with clients
Comfortable advising both technical and non-technical stakeholders on cloud security strategy
Skilled in producing high-quality deliverables and communicating complex concepts clearly
Experience mentoring junior staff or guiding cross-functional teams on cloud security best practices
Collaborative mindset with a strong consulting presence and client service orientation
Education & Certifications
Bachelor’s or equivalent experience in Cybersecurity, Computer Science, Engineering, or related field.
Preferred certifications:
CISSP, CCSP, CCSK
AWS Cloud certifications: AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional
Other CSP Certifications: Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer
Ongoing commitment to professional development and staying current with cloud and security trends and certifications.