AVP, Cloud Security Architect

About The Position

Requirements

• 7+ years of experience in security architecture/engineering with significant focus on cloud and hybrid environments.
• Strong hands-on experience securing Microsoft Azure, including enterprise foundational services and common workload patterns.
• Proven experience designing and operationalizing security configuration baselines and ensuring they remain enforced over time (e.g., Azure Policy, automation, drift detection).
• Working knowledge of container/Kubernetes security (AKS or similar), including supply chain controls and runtime protections.
• Strong understanding of security domains: IAM, network security, encryption/key management, logging/monitoring, vulnerability management, and incident readiness.
• Ability to influence engineering outcomes through clear documentation, diagrams, reference architectures, and pragmatic guidance (without direct authority).
• Ability and flexibility to travel for business as required

Nice To Haves

• Experience with Azure-native security and governance services: Defender for Cloud, Azure Policy, Sentinel, Key Vault, Private Link, Entra ID security controls.
• Strong IaC and automation skills: Terraform, Bicep/ARM; CI/CD integration; scripting/programming (Python, PowerShell, C#, or similar).
• Experience translating security requirements into policy-as-code and automated governance patterns (preventative controls, continuous compliance reporting).
• Familiarity with regulated environments and security control mapping (NIST/ISO/CIS, etc.).
• Certifications (preferred): AZ-500, SC-100, CCSP, CISSP (or equivalent).
• Azure, AKS/containers, Terraform, Bicep/ARM, Azure Policy, Defender for Cloud, Key Vault, Sentinel, CI/CD tooling (GitHub/Jenkins), scripting/programming, automation frameworks, Wiz, Qualys.

Responsibilities

• Define Azure cloud security architecture including secure landing zone patterns, reference architectures, and guardrails for shared services and workload teams.
• Create and maintain configuration baselines and hardening standards for Azure services and foundational components (identity, networking, compute, storage, logging/monitoring).
• Lead security architecture for AKS/containers and cluster ecosystems, including: image and artifact security (scanning, provenance where applicable), secrets management patterns, runtime protections and cluster hardening, network policies and workload isolation.
• Establish secure patterns for infrastructure-as-code (Terraform/Bicep/ARM) and CI/CD pipelines, enabling policy-as-code, preventative controls, and shift-left security.
• Perform architecture/design reviews, threat modeling, and risk assessments for cloud initiatives; document findings, recommendations, and required remediation actions.
• Define practical approaches for exception handling and compensating controls aligned to enterprise standards.
• Drive measurable cloud security posture improvements (baseline compliance, control coverage, drift detection, remediation SLAs) through actionable recommendations and automation.
• Build and publish reusable templates, modules, and “golden configurations” that enable secure self-service (“paved road”) delivery.
• Partner with Security Operations and platform teams to ensure cloud architectures support logging, monitoring, detection, and incident readiness.
• Perform other duties and/or special projects as assigned.