AVP, Cloud Security Architect

Synchrony, Cincinnati, OH

About The Position

Synchrony is seeking a Cloud Security Architect (Azure) to serve as a technical subject matter expert within the Security Architecture team, responsible for secure-by-design architecture across Azure and hybrid environments. This role focuses on defining reference architectures, configuration baselines, and scalable guardrails for Azure services, cloud infrastructure components, and container platforms (AKS). The architect will partner with platform, infrastructure, and application teams to translate security requirements into actionable designs and to operationalize controls through automation, IaC, and policy-as-code. This is a technical individual contributor role emphasizing architecture rigor, hands-on depth in Azure security, high-quality documentation, and practical enablement of engineering teams through repeatable patterns.

Requirements

  • 7+ years of experience in security architecture/engineering with significant focus on cloud and hybrid environments.
  • Strong hands-on experience securing Microsoft Azure, including enterprise foundational services and common workload patterns.
  • Proven experience designing and operationalizing security configuration baselines and ensuring they remain enforced over time (e.g., Azure Policy, automation, drift detection).
  • Working knowledge of container/Kubernetes security (AKS or similar), including supply chain controls and runtime protections.
  • Strong understanding of security domains: IAM, network security, encryption/key management, logging/monitoring, vulnerability management, and incident readiness.
  • Ability to influence engineering outcomes through clear documentation, diagrams, reference architectures, and pragmatic guidance (without direct authority).
  • Ability and flexibility to travel for business as required.

Nice To Haves

  • Experience with Azure-native security and governance services: Defender for Cloud, Azure Policy, Sentinel, Key Vault, Private Link, Entra ID security controls.
  • Strong IaC and automation skills: Terraform, Bicep/ARM; CI/CD integration; scripting/programming (Python, PowerShell, C#, or similar).
  • Experience translating security requirements into policy-as-code and automated governance patterns (preventative controls, continuous compliance reporting).
  • Familiarity with regulated environments and security control mapping (NIST/ISO/CIS, etc.).
  • Certifications (preferred): AZ-500, SC-100, CCSP, CISSP (or equivalent).
  • Azure, AKS/containers, Terraform, Bicep/ARM, Azure Policy, Defender for Cloud, Key Vault, Sentinel, CI/CD tooling (GitHub/Jenkins), scripting/programming, automation frameworks, Wiz, Qualys.

Responsibilities

  • Define Azure cloud security architecture including secure landing zone patterns, reference architectures, and guardrails for shared services and workload teams.
  • Create and maintain configuration baselines and hardening standards for Azure services and foundational components (identity, networking, compute, storage, logging/monitoring).
  • Lead security architecture for AKS/containers and cluster ecosystems, including: image and artifact security (scanning, provenance where applicable), secrets management patterns, runtime protections and cluster hardening, network policies and workload isolation.
  • Establish secure patterns for infrastructure-as-code (Terraform/Bicep/ARM) and CI/CD pipelines, enabling policy-as-code, preventative controls, and shift-left security.
  • Perform architecture/design reviews, threat modeling, and risk assessments for cloud initiatives; document findings, recommendations, and required remediation actions.
  • Define practical approaches for exception handling and compensating controls aligned to enterprise standards.
  • Drive measurable cloud security posture improvements (baseline compliance, control coverage, drift detection, remediation SLAs) through actionable recommendations and automation.
  • Build and publish reusable templates, modules, and “golden configurations” that enable secure self-service (“paved road”) delivery.
  • Partner with Security Operations and platform teams to ensure cloud architectures support logging, monitoring, detection, and incident readiness.
  • Perform other duties and/or special projects as assigned.