Cloud Security Architect

The Cloud Security Architect will play a critical role in ensuring the security of our clients' digital infrastructure, applications, and data assets.

This individual will lead efforts to design, implement, and maintain robust, cloud-based security solutions that protect our clients from cyber threats and vulnerabilities.

As a member of the information security team, the Cloud Security Architect will play a key leadership role in the InfoSec function of security architecture and provide guidance to other enterprise teams for all cloud security-related matters in Azure.

This is a full-time, exempt, remote position.

Responsibilities: Design, implement, and maintain robust security architecture across our client's cloud infrastructure in Azure.Identify security gaps, define security standards, and lead the remediation of security risks to deliver continuous improvement initiatives.Design and implement secure cloud infrastructure configurations, including network segmentation, access controls, and account architectureDevelop, implement, and socialize technical patterns, standards, and guidance for cloud infrastructure and applicationsMonitor cloud security posture and conduct regular security assessments and risk analysis to identify vulnerabilities and prioritize remediation effortsAutomate security policies and workflows using scripting languages and cloud native security tools to improve efficiency and scalabilityAssist with incident response activities for cloud-related security incidents, including investigation, containment, remediation, and post-mortem analysis.Collaborate with cross-functional teams (Product, DevOps, Technology, Legal, and Compliance to integrate security practices into cloud deployments.

Requirements: Deep technical knowledge and hands-on experience with Azure and emerging cloud security technologies.Expert level knowledge of cloud-based misconfigurations, attack paths, vulnerabilities, and data risksExtensive knowledge and experience with DevSecOps in an Azure environment and securing CI/CD PipelinesAzure focused Infrastructure as Code (IaC) proficiency with experience deploying secure infrastructure (Bicep/Terraform/ARM)Strong Azure security fundamentals and experience administering Entra ID tenants and all associated objects and resourcesAzure VNet experience – Understanding of Azure native NGSs, firewalls, and VPNsHands-on experience implementing CNAPP solutions (including CSPM, DSPM, CIEM, IaC, Container, and dependency security)Demonstrated experience developing and implementing security controls, policies, and procedures for cloud infrastructure and sensitive dataIn-depth understanding and experience implementing Zero Trust Architecture (ZTA) in the cloudStrong familiarity with Snowflake and related security concepts, including data encryption and masking, auditing and monitoring, RBAC, and leveraging least privilege principles.Prior experience implementing and monitoring data loss prevention solutions in a cloud environmentExperience with implementing and utilizing SASE solutions like Zscaler to secure remote access Supervisory Responsibilities: None.

Experience: 10+ years of overall IT Experience with a major emphasis on Information Security.3+ years of experience building and integrating systems within Azure cloud.Strong experience with implementing and utilizing SASE solutions like Zscaler to secure remote access.Experience implementing Zero Trust Architecture (ZTA) in Azure cloud.Hands-on experience implementing CNAPP solutions (including CSPM, DSPM, CIEM, IaC, Container, and dependency security).Strong experience implementing and monitoring data loss prevention solutions in an Azure cloud environment.Knowledge of cybersecurity frameworks (ISO 27001, NIST 800-53, CIS Controls, PCI DSS, HITRUST). Education: Bachelor’s degree preferred.Cloud Security Certifications, CISSP or CCSP certifications are preferred.