Cloud Security Architect - AWS

We offer products and solutions in Cloud, Data Engineering, Data Governance, AI/ML, DevOps and Blockchain to large corporates across the globe. Strategic Partners with AWS, Collibra, cloudera, neo4j, DataRobot, Global IDs, tableau, MuleSoft and Talend.

• Design and own end-to-end security architecture on AWS, ensuring alignment with best practices and industry standards (CIS, NIST, ISO 27001, etc.).
  
• Define and maintain secure reference architectures for VPC, network segmentation, IAM, encryption, logging, and monitoring.
  
• Evaluate and recommend AWS native security services (e.g., IAM, KMS, Security Hub, GuardDuty, WAF, Shield, Macie, Config) and third-party tools.
  

• Design and implement policy-as-code solutions using Open Policy Agent (OPA) and Rego for:
  
• Kubernetes admission control (e.g., Gatekeeper)
  
• API authorization
  
• CI/CD checks (e.g., Terraform plan validation, image scanning gates)
  
• Define reusable policy libraries and guardrails to enforce security, compliance, and governance across environments.
  
• Integrate OPA with developer workflows and pipelines, enabling shift-left security with automated policy checks.
  
• Work closely with platform and DevOps teams to ensure OPA policies are scalable, testable, and observable.
  

• Establish and maintain cloud security standards, baselines, and guidelines for AWS accounts, workloads, and data.
  
• Work with Compliance / Risk teams to map OPA and AWS controls to regulatory requirements (e.g., GDPR, SOC 2, PCI-DSS as applicable).
  
• Drive security posture management by leveraging tools such as AWS Config, Security Hub, CSPM platforms, etc.
  

• Implement infrastructure security controls through IaC (e.g., Terraform/CloudFormation) and policy-as-code.
  
• Collaborate with DevOps / SRE teams to embed security into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, etc.).
  
• Automate detection and remediation of security misconfigurations using Lambda functions, OPA policies, or other tooling.
  

• Act as a trusted security partner for application, data, and platform engineering teams.
  
• Review high-risk solutions and changes, providing security sign-off and architectural guidance.
  
• Lead threat modeling, security design reviews, and cloud security assessments.
  
• Provide mentoring and training on cloud security and OPA best practices to engineers and stakeholders.
  

Requirements

• 10+ year of overall IT experience with at least 6+ years focused on cloud security (preferably AWS).
  
• Strong, hands-on experience with AWS:
  
• VPC, Subnets, NACLs, Security Groups
  
• IAM (roles, policies, permission boundaries)
  
• KMS, CloudTrail, CloudWatch, Config
  
• Load Balancers, API Gateway, Lambda, ECS/EKS (optional but preferred)
  
• Expertise in Open Policy Agent (OPA):
  
• Experience writing and maintaining Rego policies.
  
• Integration of OPA with Kubernetes, microservices, or CI/CD workflows.
  
• Experience with Gatekeeper/Styra or equivalent solutions is a plus.
  
• Solid understanding of cloud security principles:
  
• Identity and access management (IAM)
  
• Network security, segmentation, and zero-trust concepts
  
• Encryption in transit/at rest, key management
  
• Logging, monitoring, and incident detection
  
• Experience with Infrastructure as Code (IaC) tools such as Terraform or CloudFormation.
  
• Familiarity with DevOps and CI/CD tools and practices.
  
• Strong knowledge of security frameworks and standards (CIS Benchmarks, NIST, ISO 27001, OWASP, etc.).
  
• Proficiency in at least one scripting or programming language (e.g., Python, Go, Bash).
  

• Experience with Kubernetes security (EKS or other managed K8s).
  
• Hands-on experience with container security (image scanning, runtime protection).
  
• Exposure to CSPM, CWPP, or other security platforms (Prisma Cloud, Wiz, Lacework, etc.).
  
• Security certifications such as AWS Certified Security – Specialty, CISSP, CISM, CCSP, or similar.
  
• Experience in highly regulated industries (finance, healthcare, etc.).
  

Benefits