Cloud Security Architect

About The Position

Requirements

• Deep hands-on experience architecting security controls in AWS, Azure, and GCP production environments
• Demonstrated proficiency with CSPM tools (CrowdStrike Falcon, Wiz, Prisma Cloud, or similar platforms)
• Strong knowledge of CIS Benchmarks, cloud security frameworks (CSA CCM, NIST), and compliance standards (SOC 2, GDPR, HIPAA)
• Expertise in Infrastructure-as-Code security scanning and policy enforcement (Checkov, Trivy, Terraform Sentinel, OPA)
• Experience integrating security controls into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, Azure DevOps)
• Solid understanding of container security, Kubernetes security, and serverless security patterns
• Proficiency with scripting and automation (Python, Bash, PowerShell)
• Proven ability to design security architectures that scale across large, complex cloud environments
• Track record of successfully partnering with DevOps and engineering teams to implement security without blocking delivery
• Experience driving security tool migrations and consolidations with minimal disruption
• Strong analytical skills to assess risk, prioritize work, and make pragmatic security decisions
• Ability to translate technical security concepts into language that resonates with both technical and business stakeholders
• Excellent written and verbal communication skills; able to produce concise architecture documentation and executive summaries
• Demonstrated ability to influence engineering teams through technical credibility rather than authority
• Comfortable presenting security recommendations to senior technical leadership and defending design decisions
• Self-directed and outcome-focused; able to identify problems, propose solutions, and drive them to completion with minimal supervision
• 7 to 10+ years of experience in information security with at least 5 years focused on cloud security architecture
• Hands-on experience implementing and operating CSPM solutions in multi-cloud environments
• Proven track record architecting security controls for large-scale cloud deployments (1,000+ resources)
• Experience with CIS Benchmarks implementation and compliance enforcement
• Strong understanding of cloud-native architecture patterns and security implications
• Bachelor's degree in Computer Science, Information Security, or equivalent practical experience

Nice To Haves

• Relevant cloud security certifications (AWS Certified Security – Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, CCSP)
• Experience with CrowdStrike Falcon CSPM or other leading CSPM/CNAPP platforms
• Background in DevSecOps, SRE, or cloud platform engineering
• Familiarity with OWASP SAMM or similar security maturity frameworks
• Prior experience in regulated industries (healthcare, financial services) with SOC 2, HIPAA, or PCI-DSS compliance requirements
• Contributions to open-source security tools or cloud security communities

Responsibilities

• Architect, implement, and continuously improve cloud security posture management across AWS, Azure, and GCP environments supporting hundreds of applications
• Lead the migration from AquaSec to CrowdStrike Falcon CSPM, ensuring continuity of visibility and compliance enforcement
• Establish and maintain compliance with CIS Benchmarks Level 1 standards across all cloud platforms
• Design monitoring and alerting strategies that surface actionable security gaps to both security and engineering teams
• Implement automated security scanning and policy enforcement for Terraform, CloudFormation, and other IaC frameworks
• Integrate tools like CrowdStrike Falcon, Checkov and Trivy into CI/CD pipelines to prevent misconfigurations before deployment
• Develop policy-as-code frameworks that codify security requirements and enable self-service compliance
• Embed security controls directly into cloud deployment pipelines using native platform capabilities and third-party tooling
• Partner with DevOps teams to build secure-by-default infrastructure templates and golden paths
• Conduct architecture reviews for new cloud services and deployment patterns
• Translate complex security requirements into practical, actionable guidance for engineering teams
• Conduct cloud security assessments, threat modeling, and architecture reviews for critical workloads
• Identify and prioritize security risks based on business impact, exploitability, and compensating controls
• Work with product teams to implement mitigations that balance security effectiveness with operational feasibility
• Manage and optimize cloud-native security tooling including CSPM, CNAPP, and secret scanning solutions
• Build automation to reduce manual security work and improve consistency of controls
• Establish metrics and reporting that demonstrate security posture improvement and compliance trends

Benefits

• Base annual salary target: $120000 - $150000
• Opportunity for annual cash bonus
• Health / Dental / Vision Benefits Day-One
• 5% matching 401k
• Financial support
• Pet insurance
• Mental health resources
• Volunteer paid days off
• Employee stock program
• Foundation donation matching