Senior Cloud Security Architect

About The Position

Requirements

• Expert knowledge of Identity-First Security, including CIEM, Just-In-Time (JIT) access, and complex OIDC/SAML flows.
• Proficiency in Python, Go, or Bash to build custom security automations and integrate with SOAR platforms.
• Deep experience embedding automated security testing (SAST/DAST/SCA) directly into CI/CD pipelines.
• Advanced understanding of secure connectivity, including SD-WAN, Cloud WAF, and Zero Trust Network Access (ZTNA).
• BS degree from an accredited College/University in the applicable field of services is required, or four additional years of relevant experience in lieu of a college degree. If the individual's degree is not in the applicable field, then four additional years of related experience is required.
• Strong ability to bridge the gap between "Speed of DevOps" and "Rigors of Security" while communicating clearly with executive leadership
• Proven ability to influence technical roadmaps and present security risks clearly to C-suite stakeholders.
• US Citizen or permanent status Green Card holder.
• Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. (Exception does not include military family members.)

Nice To Haves

• Candidates located in Morrisville, NC; Falls Church, VA; or Eagan, MN given preference. Non-local support will be considered for highly qualified candidates.
• Top-tier credentials.
• Advanced degree in Computer Science, Cybersecurity, or a related engineering field preferred.

Responsibilities

• Lead the design of a global Zero Trust architecture, ensuring robust identity governance (IAM), network micro-segmentation, and data encryption across AWS, Azure, or GCP.
• Architect specialized security frameworks for AI/ML pipelines, focusing on data privacy for training sets, model integrity, and securing LLM-integrated applications against emerging attack vectors.
• Develop and enforce enterprise-wide security policies using Terraform, etc., ensuring that non-compliant infrastructure is automatically remediated or blocked from deployment.
• Design and oversee the integration of CNAPP and CSPM tools to provide real-time visibility into misconfigurations, vulnerabilities, and excessive permissions.
• Conduct deep-dive threat modeling for complex cloud-native systems, simulating advanced persistent threats (APTs) and "blast radius" scenarios to strengthen system resilience.
• Act as the lead security advisor for the Cloud Architecture team, bridging the gap between DevOps agility and rigorous regulatory compliance (SOC2).

Benefits

• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option