Senior Cloud Security Architect

Define and maintain the cloud security architecture, ensuring alignment with organizational goals, regulatory requirements, and industry best practices. Develop secure reference architectures, patterns, and guardrails for cloud workloads, data services, and platform components. Architect solutions that embed security controls across compute, storage, networking, identity, and application layers. Lead cloud threat modeling, security design reviews, and architectural risk assessments for new and existing systems. Design and implement identity-first security using platforms such as Azure AD/Entra ID, AWS IAM, or Okta. Establish and enforce RBAC/ABAC models, privileged access policies, MFA enforcement, conditional access, and identity lifecycle automation. Architect secure authentication and authorization integrations using OIDC, OAuth2, SAML, SCIM, and workload identities. Champion zero-trust principles across cloud environments, applications, and distributed systems. Embed security-by-default into CI/CD pipelines through automated SAST, SCA, IaC scanning, secrets detection, and container image scanning. Partner with platform and DevOps teams to integrate policy-as-code (OPA, Azure Policy, Sentinel) to enforce compliance and prevent misconfigurations. Guide teams in designing secure deployment patterns, secretless authentication, and automated vulnerability remediation workflows. Promote DevSecOps culture through enablement, documentation, and best practices. Develop cloud security standards, security baselines, and operational best practices across multi-cloud environments. Implement and manage CSPM, CWPP, and CIEM tools to continuously improve cloud security posture and identity governance. Support compliance initiatives (SOC2, HIPAA, PCI, ISO 27001, FedRAMP, etc.) through policy enforcement, evidence gathering, and architectural controls. Track emerging cloud risks, threat vectors, and vulnerabilities to ensure proactive security hardening. Architect secure network architectures leveraging segmentation, firewalls, private endpoints, WAF, DDoS protection, and service mesh solutions. Implement encryption strategies, key management, secrets management, and secure data flow patterns. Work with SRE and security operations to design logging, telemetry, and cloud-native monitoring systems for threat detection and incident response. Serve as the primary cloud security expert, advising engineers, architects, and leadership on risk, design decisions, and strategic initiatives. Lead security design workshops and architecture review boards for major cloud projects. Mentor engineering teams and foster a security-first mindset across the organization. Communicate complex security concepts clearly to both technical and non-technical stakeholders. 7-12+ years in cloud security, cloud architecture, cybersecurity engineering, or similar fields. Deep expertise with at least one major cloud provider (Azure, AWS, or GCP), with strong understanding of native security services. Hands-on experience with IAM, network security, encryption, security automation, and cloud-native architecture. Strong proficiency with Infrastructure-as-Code and DevSecOps tooling (Terraform, CI/CD, security scanners, policy-as-code). Experience implementing or supporting compliance frameworks (SOC2, HIPAA, PCI, ISO 27001, etc.). Strong scripting/programming skills (Python, PowerShell, Bash, Go preferred). Excellent communication, analytical, and leadership abilities. Experience with CrowdStrike, Palo Alto Networks, CyberArk or Zscaler platforms a plus. Microsoft and AWS certifications. Exposure to detection and response workflows and security operations center processes. Strong problem-solving ability, curiosity, and willingness to learn new tools and techniques. Excellent verbal and written communication skills, with attention to detail in documentation. API integrations, PowerShell, and/or Python competency are highly desirable.