Cybersecurity Architect

Job Description

Assume ownership of the comprehensive security architecture for our AWS and Azure cloud environments, encompassing networking, IAM, data encryption, and logging. Incorporate security measures into CI/CD pipelines, utilizing automated SAST/DAST scanning, software composition analysis (SCA), and container image scanning in Kubernetes. Create and execute a Zero Trust architecture, featuring micro-segmentation, least-privilege access, and ongoing device posture validation. Perform threat modeling for new product features and microservices, employing the STRIDE or OWASP threat modeling frameworks. Develop and oversee security-as-code using Terraform, CloudFormation, or Pulumi, guaranteeing that all cloud resources are deployed with hardened baselines. Choose, implement, and oversee security tools, such as CSPM, CWPP, SIEM, and SOAR platforms, integrating them with current DevOps workflows. Spearhead the response to security incidents by conducting forensic analysis on cloud workloads and suggesting architectural solutions to prevent recurrence. Collaborate with legal and compliance teams to align technical controls with the requirements of SOC 2, HIPAA, PCI-DSS, and GDPR. Formulate secrets management solutions using HashiCorp Vault or cloud-native key management services (KMS). Produce and maintain architecture diagrams, runbooks, and threat models for all essential systems. Advise software engineers on secure coding practices and lead regular architecture review sessions. Take part in an on-call rotation for security emergencies and crucial patch deployments.

Qualifications

1. Possess experience in cybersecurity roles, with a minimum of 4 years specializing in architecting security solutions within a cloud-native environment. 2. Demonstrate robust programming or scripting skills in Python, Go, TypeScript, or Bash. 3. Exhibit hands-on experience with container orchestration (Kubernetes, EKS, AKS, or GKE) and service mesh technologies (Istio, Linkerd). 4. Have extensive expertise in at least one major cloud provider (AWS, Azure, or GCP), including native security services (Security Hub, GuardDuty, Sentinel, Policy as Code). 5. Proficiency in Infrastructure as Code: Terraform, CloudFormation, or ARM templates. 6. Familiarity with CI/CD Tools: GitHub Actions, GitLab CI, Jenkins, or ArgoCD. 7. Expertise in Container Security: Docker, Kubernetes security contexts, admission controllers (OPA/Gatekeeper), and image scanning (Trivy, Clair). 8. Understanding of Identity & Access: OIDC, OAuth 2.0, workload identity, and conditional access policies. 9. Knowledge of Monitoring & Logging: Prometheus, OpenTelemetry, ELK Stack, or Datadog. 10. Certifications (Desirable but not mandatory): Certified Kubernetes Security Specialist (CKS), AWS Certified Security – Specialty or Azure Security Engineer Associate, GIAC Cloud Security Essentials (GCLD), Certified DevSecOps Professional (CDP)

Benefits

- Clear scope with no ambiguity over deliverables - Opportunity for repeat engagements based on performance