Cloud Network Security Architect - FedRAMP

Capgemini
Chicago, NY
Onsite

About The Position

The Cloud Network Security Architect is responsible for designing, implementing, and governing secure cloud network architectures across hybrid and multi‑cloud environments. This role ensures the confidentiality, integrity, and availability of enterprise systems by defining security‑by‑design network frameworks aligned with business, compliance, and risk management objectives.

Requirements

  • 10+ years of experience in network and security architecture, with strong focus on cloud platforms.
  • Deep expertise in cloud networking concepts: routing, DNS, load balancing, NAT, private connectivity, and network segmentation.
  • Hands‑on experience securing AWS and/or Azure networking services (VPC/VNet, Gateway, Firewall, Private Link, NSGs, Route Tables).
  • Strong understanding of network security technologies: firewalls, WAF, IDS/IPS, DDoS, proxy, and micro‑segmentation.
  • Experience implementing zero‑trust and identity‑centric network access models.
  • Proficiency with Infrastructure as Code and automation tools (Terraform, Ansible, CloudFormation).
  • Solid understanding of TCP/IP, BGP, IPSec, TLS, and network encryption mechanisms.
  • Experience working in regulated and compliance‑driven environments.

Nice To Haves

  • Cloud certifications (AWS Certified Security – Specialty, Azure Security Engineer, CCSP).
  • Experience with multi‑cloud or large‑scale cloud migration programs.
  • Knowledge of SASE, CASB, and secure access service edge architectures.
  • Familiarity with SIEM/SOAR and security monitoring integrations.
  • Experience supporting DevSecOps and CI/CD security integration.

Responsibilities

  • Implement Zero Trust network architecture, including segmentation, least-privilege access, and consistent policy enforcement across users, workloads, and services in hybrid environments.
  • Design and validate secure on-prem and cloud networking patterns (VPC/VNet, subnets, routing, TGW/peering, ingress/egress) using cloud-native controls and enterprise platforms.
  • Partner with application/platform/infrastructure teams to capture connectivity and security requirements (ports/protocols, data flows, trust boundaries) and translate them into actionable security architectures.
  • Define and standardize firewall policies and segmentation models, providing clear guidance on use of Palo Alto/Prisma vs. cloud-native mechanisms (SG/NSG, NACLs, route controls).
  • Lead design reviews, threat modeling, and exception handling; produce and maintain standards, reference designs, and architecture decision records to drive secure-by-design outcomes.
  • Collaborate with perimeter defense/SecOps to streamline rule discovery, risk review, approvals, and deployments (including automation); support troubleshooting and optimization for performance and resiliency.

Benefits

  • Paid time off based on employee grade (A-F), as defined by policy. Vacation: 12-25 days, depending on grade
  • Company paid holidays
  • Personal Days
  • Sick Leave
  • Medical, dental, and vision coverage (or provincial healthcare coordination in Canada)
  • Retirement savings plans (e.g., 401(k) in the U.S., RRSP in Canada)
  • Life and disability insurance
  • Employee assistance programs
  • Other benefits as provided by local policy and eligibility