Security Architect (Cloud Security & Compliance)

Stanley Black & Decker, Inc., New Britain, CT
Hybrid

About The Position

Come build something that matters. It takes great people to achieve greatness. People with a sense of purpose and integrity. People with a relentless pursuit of excellence. People who care about making things better For Those Who Make The World™. Sound like you? Join our top-notch team of approximately 48,000 diverse and high-performing professionals globally who are making their mark on some of the world’s most beloved brands, including DEWALT®, BLACK+DECKER®, CRAFTSMAN®, STANLEY®, CUB CADET®, and HUSTLER®.

The Job: As a Security Architect (Cloud Security & Compliance), you’ll be part of our Information Technology team, working as a hybrid employee.

Requirements

  • 10+ years of experience in security architecture, cloud security, or related roles.
  • Proven track record designing and managing security architectures in AWS cloud environments.
  • Experience leading organizations through SOC2, NIST, ISO27001, or similar compliance frameworks.
  • Undergraduate degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related field, or equivalent work experience in cloud security and architecture.
  • AWS Security Tools: GuardDuty, Security Hub, IAM, KMS, CloudTrail, Config, Macie, Inspector.
  • External Security Solutions: WIZ.io, Mend.io, SonarQube, Cortex, Akamai, Cognito, Balbix, Splunk, GitLeaks, or similar.
  • GRC Platforms: ServiceNow GRC, Archer, OneTrust, and related processes.
  • Infrastructure as Code: Terraform, CloudFormation for security automation and compliance.
  • CI/CD Security: Security integration in CI/CD pipelines (Bitbucket, Jenkins, GitHub Actions).
  • Scripting: Python and Shell for automation and security tasks.
  • Vulnerability Management: Vulnerability scans, penetration testing, and remediation.
  • Regulatory Knowledge: SOC2, NIST, ISO27001, GDPR, and other relevant regulations.
  • Monitoring & Logging: Security monitoring, SIEM solutions, and log management.
  • Incident Response: Security incident detection, response, and reporting.

Nice To Haves

  • Preferred certifications: AWS Certified Security – Specialty, Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP).

Responsibilities

  • Cloud Security Architecture & Strategy: Design, develop, and oversee the implementation of comprehensive security architectures for AWS cloud environments and connected products, ensuring confidentiality, integrity, and availability of systems and data.
  • Security Solution Design & Integration: Architect and integrate AWS native security tools (e.g., GuardDuty, Security Hub, IAM, KMS, CloudTrail, Config) and external solutions (e.g., CSPM, Secure SDLC, SIEM) for holistic security coverage.
  • Compliance & Certification: Lead the security strategy for SOC2, NIST, ISO27001, and other regulatory certifications. Define and maintain documentation, evidence, and processes required for compliance readiness.
  • Governance, Risk, and Compliance (GRC): Architect and oversee GRC processes, including risk assessments, policy development, control mapping, and remediation tracking for cloud environments.
  • Security Automation & Infrastructure: Design and implement automated security controls and monitoring solutions using infrastructure-as-code (Terraform, CloudFormation), CI/CD pipelines, and scripting (Python, Shell).
  • Incident Response Strategy: Develop and guide incident response plans, lead detection and investigation efforts, and coordinate with internal teams for timely resolution and root cause analysis.
  • Vulnerability Management Oversight: Architect vulnerability management programs, including regular assessments, penetration testing, and remediation for cloud infrastructure and applications.
  • Security Awareness & Enablement: Lead organization-wide security awareness initiatives, provide training, and foster a culture of security through strategic communication and enablement.
  • Documentation & Reporting: Define and maintain security architecture documentation, controls, incident records, and compliance activities. Prepare executive-level reports for stakeholders and leadership.

Benefits

  • Medical, dental, life, vision, disability, 401(k), Employee Stock Purchase Plan, paid time off, and tuition reimbursement in addition to programs & benefits in support of your well-being.
  • Discounts on Stanley Black & Decker tools and other partner programs.