Cloud Security Architect

About The Position

Requirements

• 5+ years of architecture experience, with at least 3 years focused on cloud environments
• 8+ years of information security experience
• Bachelor's degree preferred or equivalent work experience
• Deep expertise in designing cloud security architectures that support the business needs of large enterprises, with primary depth in AWS and functional proficiency in Microsoft Azure and Google Cloud
• Proven experience with zero trust architecture principles, encryption and key management, web application firewalls, data protection, vulnerability management, API security, and Infrastructure as Code security (Terraform, CloudFormation, or equivalent)
• Strong understanding of cloud IAM architecture, including AWS IAM policies, service control policies (SCPs), Azure Entra ID conditional access, and federated identity patterns
• Experience with cloud-native security tooling, including CNAPP, CSPM, CWPP, and CIEM solutions
• Working knowledge of container and Kubernetes security concepts, including image scanning, runtime protection, admission control, network policies, and RBAC
• Familiarity with CI/CD pipeline security practices, including shift-left security integration, secrets management, SAST/DAST, and software supply chain security concepts (SBOM, artifact signing)
• Familiarity with security frameworks and industry standards such as CIS Benchmarks, CSA CCM, NIST CSF, and cloud provider Well-Architected Frameworks
• Working knowledge of AI/ML workload security, including securing data pipelines, model hosting infrastructure, and awareness of frameworks such as OWASP Top 10 for LLMs and MITRE ATLAS
• Working technical knowledge within the network security space. Areas of familiarity should include SSE/SASE, SD-WAN, next-generation firewalls, enterprise routing and switching, microsegmentation, web application firewalls, and cloud-adjacent and edge compute
• Design and communicate cloud security monitoring and logging architectures, including native cloud provider tools and SIEM/SOAR integration
• Relevant certifications preferred: CISSP, CCSP, AWS Solutions Architect, or vendor-specific cloud security certifications (e.g., AWS Security Specialty/Network Specialty)

Responsibilities

• Plan, research, and develop security architecture for cloud solutions (SaaS, PaaS, and IaaS), which may include custom in-house solutions and third-party solutions
• Define strategies and roadmaps to support security and company technology goals
• Communicate the state of cloud security posture to cybersecurity leaders, IT leaders, and other stakeholders through a thoughtful metrics and KPI-driven message
• Develop, maintain, and enforce cloud security policies and procedures. Leverage best practices, standards, and baselines such as Cloud Security Alliance Cloud Controls Matrix (CCM), CIS Benchmarks, cloud provider Well-Architected Framework security pillars, and NIST SP 800-series
• Work with teams to define requirements, evaluate architecture, analyze trade-offs, and recommend solutions
• Create conceptual and logical architecture designs, including cloud security reference architectures and secure landing zone designs
• Assess risks through threat modeling and white-boarding exercises with teams
• Evaluate products and tools through Proof of Value exercises
• Advise product teams on the security implications of their roadmaps
• Partner with engineering teams, cloud platform teams, and other peer architecture teams to ensure security is embedded in technical decisions from design through implementation
• Define and maintain cloud account/subscription governance, including organizational unit structure, service control policies, and permission boundaries
• Design and advise on security architectures for CI/CD pipelines, including secrets management, IaC scanning, container image scanning, and artifact integrity
• Architect cloud-native security monitoring and logging strategies, including integration with Grainger’s SIEM/SOAR platform
• Evaluate and mature cloud-native security tooling to support detection, prevention, and compliance objectives
• Mentor peers and junior architects through design reviews, knowledge sharing, and technical leadership across the security architecture team

Benefits

• Medical, dental, vision, and life insurance plans with coverage starting on day one of employment and 6 free sessions each year with a licensed therapist to support your emotional wellbeing.
• 18 paid time off (PTO) days annually for full-time employees (accrual prorated based on employment start date) and 6 company holidays per year.
• 6% company contribution to a 401(k) Retirement Savings Plan each pay period, no employee contribution required.
• Employee discounts, tuition reimbursement, student loan refinancing and free access to financial counseling, education, and tools.
• Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents.