Associate Principal Cloud Security Architect

Becton Dickinson Medical Devices
San Diego, CA
Onsite

About The Position

We are the makers of possible

BD is one of the largest global medical technology companies in the world. Advancing the world of health™ is our Purpose, and it’s no small feat. It takes the imagination and passion of all of us—from design and engineering to the manufacturing and marketing of our billions of MedTech products per year—to look at the impossible and find transformative solutions that turn dreams into possibilities. We believe that the human element, across our global teams, is what allows us to continually evolve. Join us and discover an environment in which you’ll be supported to learn, grow and become your best self. Become a maker of possible with us.

The Associate Principal Cloud Security Architect leads our efforts in safeguarding modern cloud and artificial intelligence platforms. As organizations increasingly leverage AI technologies within the cloud, the importance of robust security strategies has never been greater. This role is responsible for designing, implementing, and managing advanced security solutions that protect sensitive data, ensure regulatory compliance, and mitigate evolving cyber threats across our AI-driven cloud environments.

The ideal candidate will possess deep expertise in cloud security architectures, AI system vulnerabilities, and emerging cybersecurity trends. You will collaborate closely with engineering, product, and compliance teams to establish guidelines, conduct risk assessments, and drive the adoption of secure-by-design principles.

Requirements

  • Undergraduate or Graduate degree in cybersecurity, computer science, software engineering and/or technical engineering, or a proven track record of excellence in cybersecurity.
  • 10+ years of product security, security risk management, and progressive experience focused on a combination of cloud and AI security
  • 5+ years designing cloud security architectures in enterprise environments
  • 5+ years of hands‑on experience securing production workloads in at least one major cloud platform (AWS, Azure, or GCP)
  • 3+ years of direct experience securing AI, machine learning, or advanced data analytics platforms in cloud environments
  • 3+ years in a Product Security and/or Application Development Security function in a regulated environment
  • Domain expertise in Cybersecurity, Cloud & AI security
  • Experience with the implementation of Cloud Domain specific standards and approaches for product security and privacy
  • Comprehensive knowledge of multi-cloud, cloud agnostic security architectures
  • Proficiency with both interpreted and non-interpreted coding languages and practices
  • Deep hands-on experience in building and operationalizing a comprehensive DevSecOps Program strategy, at scale, within an enterprise environment.
  • Experience implementing security analysis and testing tools (SCA, SAST, DAST, fuzzing) in a DevSecOps pipeline
  • Proven competence in threat modeling software systems or software enabled products using industry standard methods (STRIDE, PASTA, NIST, OWASP)
  • Experience analyzing security vulnerability scanning results and determining the priority of patching activities
  • Experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and determining residual risk after applying compensating security controls
  • Experience working with teams in a structured software development lifecycle process, preferably an agile methodology
  • Demonstrated technical competence and ability to effectively convey technical information to all levels and fields within an organization, from engineers to senior leadership to enable fact-based decision-making
  • Proven ability to operate multi-functionally to complete business initiatives
  • Demonstrated ability to translate strategies into objectives, tactics, and execution tasks
  • Demonstrated ability to establish structure around ambiguous problems
  • Strong written and verbal communication skills, collaboration skills, including conflict resolution

Nice To Haves

  • Experience with connected products, software development lifecycle, security automation, network technologies, and supply chain security is preferred
  • Certifications such as CCNA, CCIE, CISSP, CISM, GIAC, MCSE, CCSP or equivalent, GPEN, CEH are preferred

Responsibilities

  • Collaborate with all levels and geographies within the STS organization and respective BUs to advance the product security strategy and objectives within the portfolio.
  • Technology & Domain Leadership: Architecting and supporting implementation of complex security controls across multi-cloud environments (e.g., Azure, AWS, GCP).
  • Define and implement Zero Trust principles, cloud security standards, and reference architectures.
  • Lead the design of secure landing zones, guardrails, and multi-cloud governance frameworks.
  • Partner with engineering teams to embed security into application and infrastructure designs.
  • Architect identity and access strategies across various cloud solutions
  • Design secure network architectures including segmentation, private connectivity, and cloud-native firewalls.
  • Conduct threat modeling, architecture reviews, and risk assessments of cloud-based infrastructure, applications, and services.
  • Drive continuous improvement of cloud security posture through automation and monitoring.
  • Reviewing cloud architecture and configurations to validate security posture and data protection.
  • Leading threat modeling, risk assessments, and vulnerability management for cloud-native services.
  • Administering cloud security testing, including penetration testing, misconfiguration audits, and incident simulations.
  • Collaborating with DevOps and engineering teams to embed security into CI/CD pipelines and cloud deployments.
  • Automate cloud security controls using Terraform, Python, PowerShell, and policy-as-code frameworks.
  • Driving remediation of security findings and ensuring alignment with regulatory and compliance frameworks.
  • Leading security reviews of cloud perimeter defenses (e.g., WAFs, cloud-native firewalls, DDoS protection).
  • Managing cloud security controls and endpoint protection platforms (e.g., Defender for Cloud, CrowdStrike, Cloudflare, Proofpoint TAP).
  • Providing technical guidance and mentorship to engineers and multi-functional teams.
  • Developing and maintaining cloud security policies, playbooks, and documentation.
  • Emerging Technologies: Know the latest emerging technologies and industry trends to drive innovation and manage associated risks.
  • AI & Cloud Security: Design and implement security strategies for cloud-based AI systems. Conduct risk assessments and vulnerability analyses on AI models and cloud infrastructure. Develop and enforce security policies, standards, and protocols for AI and cloud environments. Monitor and respond to security incidents involving AI and cloud platforms. Collaborate with engineering teams to integrate security controls into AI workflows. Lead security audits and compliance reviews for cloud-based AI solutions. Evaluate and recommend security tools and technologies for AI and cloud applications. Train and mentor staff on AI security awareness and secure development practices. Know the latest emerging threats, vulnerabilities, and advancements in AI and cloud security. Report on security metrics, incidents, and improvements to senior leadership.
  • DevSecOps Leadership: Define a comprehensive, enterprise scaled DevSecOps Program Strategy and evolve the strategy to meet the continued needs of the organization. Lead and oversee the implementation strategy and partner on the execution plan for realization. Operationalize the governance structure for the DevSecOps Program and ensure compliance with internal and external policies, guidelines, and industry standards. Align security tooling strategy to DevSecOps program objectives and advise and drive harmonization across R&D organizations. Ensure integration of security across the entire SDLC. Report on performance metrics to senior leadership.
  • Multi-functional Collaboration: Work closely with R&D and product teams to evaluate security risk, solutions, and drive security remediations into product releases. Champion initiatives such as demonstrating innovative product security processes & technologies.
  • Leadership & Management: Collaborate with or mentor a small team of Product Security Engineers where applicable. Work with multi-functional teams and customers to ensure projects are meeting technical objectives and deadlines.
  • Customer Management: Communicate effectively to ensure alignment with business goals and technical feasibility. Engage in technical discussions with PSO and BD leadership as well as speaking in public forums where applicable. Enable development of Security Champions across the organization.
  • May perform other duties as required.