DATAECONOMY-posted about 13 hours ago
Full-time • Mid Level
Hybrid • Boston, MA

We are looking for an experienced AWS Cloud Security Architect with strong hands-on expertise in Open Policy Agent (OPA) to design, implement, and govern security controls across our cloud platforms. You will be responsible for defining security architecture, governing multi-account AWS environments using AWS Control Tower and Service Control Policies (SCPs), codifying policies as code, and partnering with engineering teams to embed security into CI/CD pipelines and cloud-native applications.

  • Design and own end-to-end security architecture on AWS, ensuring alignment with best practices and industry standards (CIS, NIST, ISO 27001, etc.).
  • Design and govern multi-account AWS environments using AWS Control Tower, landing zones, and account baselines.
  • Define and maintain secure reference architectures for VPCs, network segmentation, IAM, encryption, logging, monitoring, and account-level guardrails.
  • Define and manage Service Control Policies (SCPs) to enforce preventative security controls and governance across AWS Organizations.
  • Evaluate and recommend AWS native security services (e.g., IAM, KMS, Control Tower, Organizations, SCPs, Security Hub, GuardDuty, WAF, Shield, Macie, Config) and third-party tools.
  • Design and implement policy-as-code solutions using Open Policy Agent (OPA) and Rego for:
      • Kubernetes admission control (e.g., Gatekeeper)
      • API authorization
      • CI/CD checks (e.g., Terraform plan validation, image scanning gates)
  • Align OPA policies with AWS governance controls such as SCPs and Control Tower guardrails to provide layered defense (preventative + detective).
  • Define reusable policy libraries and guardrails to enforce security, compliance, and governance across environments.
  • Integrate OPA with developer workflows and pipelines, enabling shift-left security with automated policy checks.
  • Work closely with platform and DevOps teams to ensure OPA policies are scalable, testable, and observable.
  • Establish and maintain cloud security standards, account baselines, and governance models for AWS accounts, workloads, and data.
  • Leverage AWS Control Tower guardrails (mandatory and elective) to enforce organizational security and compliance requirements.
  • Work with Compliance / Risk teams to map OPA policies, SCPs, and AWS native controls to regulatory requirements (e.g., GDPR, SOC 2, PCI-DSS, as applicable).
  • Drive security posture management using AWS Config, Security Hub, Control Tower, and CSPM platforms.
  • Implement infrastructure and governance controls through Infrastructure as Code (Terraform / CloudFormation), including SCPs and Control Tower customization.
  • Collaborate with DevOps / SRE teams to embed security controls into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, etc.).
  • Automate detection and remediation of security misconfigurations using Lambda functions, AWS Config rules, OPA policies, and SCP-based preventative controls.
  • Act as a trusted security partner for application, data, and platform engineering teams.
  • Review high-risk solutions and architectural changes, providing security sign-off and governance guidance.
  • Lead threat modeling, cloud security assessments, and multi-account architecture reviews.
  • Provide mentoring and training on cloud security, AWS governance (Control Tower/SCPs), and OPA best practices.

  • 10+ years of overall IT experience with at least 6+ years focused on cloud security (preferably AWS).
  • Strong, hands-on experience with AWS:
      • AWS Organizations, Control Tower, and Service Control Policies (SCPs)
      • VPCs, Subnets, NACLs, Security Groups
      • IAM (roles, policies, permission boundaries)
      • KMS, CloudTrail, CloudWatch, Config
      • Load Balancers, API Gateway, Lambda, ECS/EKS (preferred)
  • Expertise in Open Policy Agent (OPA):
      • Writing and maintaining Rego policies
      • Integration with Kubernetes, microservices, and CI/CD workflows
  • Solid understanding of cloud security principles:
      • Identity and access management (IAM)
      • Network security, segmentation, and zero-trust concepts
      • Encryption in transit/at rest and key management
      • Logging, monitoring, and incident detection
  • Experience with Infrastructure as Code (Terraform or CloudFormation).
  • Familiarity with DevOps and CI/CD tools and practices.
  • Strong knowledge of security frameworks and standards (CIS Benchmarks, NIST, ISO 27001, OWASP, etc.).
  • Proficiency in at least one scripting or programming language (Python, Go, Bash).
  • Experience with Gatekeeper / Styra is a plus.
© 2024 Teal Labs, Inc