AWS Security Architect

Venterra Realty | Richmond Hill, ON
$130,000 - $160,000 | Hybrid

About The Position

We are seeking a Principal AWS Security Architect to join our team in a newly created, high-impact individual contributor role. This position is designed for a senior-level subject matter expert (SME) who brings both deep hands-on engineering capability and strategic architectural leadership. You will lead the design and evolution of secure, scalable AWS environments within a complex, multi-tenant architecture, with a focus on maturing the environment and driving security improvements. This role will be instrumental in defining how security is consistently enforced, ensuring both flexibility and a strong security posture at scale. You will shape how security is embedded across infrastructure, platforms, applications, and data, with a focus on tenant-aware design, identity-centric controls, and scalable guardrails. This is an opportunity to define standards, influence platform direction, and build enterprise-grade cloud security capabilities from the ground up. The ideal candidate is an excellent communicator who thrives in cloud-native, product-driven environments, partners closely with Engineering and Data teams, and brings a strong perspective on secure-by-design and tenant-aware architecture patterns. A background in software development or development-driven environments is also a strong asset.

Requirements

  • 7+ years of experience in cybersecurity, cloud security, or security engineering
  • 4+ years of architecture experience securing AWS environments at scale
  • Proven experience designing and securing complex, multi-tenant cloud architectures, including tenant isolation and segmentation strategies
  • Demonstrated ability to operate at both strategic architectural and hands-on engineering levels
  • Excellent communicator, able to work across teams to drive security improvements and communicate complex information to senior leadership
  • Deep expertise in AWS security services (IAM, Config, GuardDuty, Security Hub, CloudWatch)
  • Strong experience designing tenant-aware identity and access management (IAM) models, ideally including Entra ID and OAuth expertise
  • Experience with infrastructure as code (Terraform and/or AWS CloudFormation) in large-scale, multi-environment deployments
  • Solid knowledge of cloud network security, including segmentation approaches for multi-tenant environments (VPCs, WAF, firewalls, VPNs)
  • Experience securing CI/CD pipelines in shared or multi-tenant delivery environments
  • Proven track record implementing secure baselines, guardrails, and policy-driven controls at scale

Nice To Haves

  • Experience with AWS Control Tower and multi-account landing zone architectures
  • Experience designing secure multi-tenant platform patterns (SaaS or shared services models)
  • Experience with Amazon Macie and data protection in multi-tenant contexts
  • An understanding of securing agentic AI deployments, ideally including Bedrock/AgentCore
  • Familiarity with Microsoft security tooling (Sentinel, Defender XDR, Entra ID)
  • Background in software development or engineering-led organizations (strong asset)
  • Experience working in cloud-native, product-driven, or SaaS environments
  • AWS Certified Security – Specialty
  • CISSP or equivalent certification

Responsibilities

  • Define, own, and evolve the AWS cloud security architecture across complex, multi-account, multi-tenant environments, ensuring proper tenant isolation and secure shared services
  • Design and implement scalable, tenant-aware security guardrails, controls, and landing zone frameworks
  • Establish and maintain secure configuration baselines and policy enforcement that operate effectively across multiple tenants and environments
  • Serve as the AWS security subject matter expert, providing both strategic direction and hands-on technical leadership in high-complexity environments
  • Architect and implement secure multi-tenancy models, including isolation strategies (account, VPC, and application-level), segmentation, and boundary enforcement
  • Partner with Infrastructure, Software Engineering, and Data Engineering teams to embed security into multi-tenant platforms and development workflows
  • Drive identity-first security architecture, ensuring strong tenant-aware IAM design, least-privilege access, and federation strategies
  • Integrate security into DevSecOps pipelines, supporting secure delivery of applications across tenants
  • Contribute to and enhance security monitoring, detection, and incident response, including tenant-level visibility and response patterns
  • Support security governance, compliance, and audit readiness, ensuring controls scale effectively across tenants without introducing operational friction
  • Continuously evaluate and improve security posture in distributed, high-scale, multi-tenant cloud environments

Benefits

  • Up to 10% discretionary incentive target