Senior Cloud Security Architect
Job Title: Senior Cloud Security Architect
Location: Morrisville, NC; Falls Church, VA; or Eagan, MN

Important Submission Notes
- Note new TSS template for candidate submission.
- Gaps still need to be explained and resume cannot exceed 4 pages.
- The PLD cannot provide individualized feedback if resumes are incorrect — your candidate will be disqualified.
- Resumes MUST be in the template, which is attached to the posting.

Job Description
As a Senior Cloud Security Architect, you will lead the strategic vision for protecting our multi-cloud ecosystem. You are responsible for designing the security blueprints that govern our entire digital footprint—from identity perimeters to AI-driven threat detection. This role requires a "Security as Code" mindset, where you build automated guardrails that empower developers to move at speed without compromising the safety of our data or infrastructure.

Key Responsibilities

Security Architecture Vision
- Lead the design of a global Zero Trust architecture
- Ensure robust Identity Governance (IAM)
- Implement Network Micro-Segmentation
- Manage Data Encryption
- Work across AWS, Azure, or GCP

AI-Native Security Strategy
- Architect specialized security frameworks for AI/ML pipelines
- Focus on:
  - Data Privacy for training sets
  - Model Integrity
  - Securing LLM-integrated applications
  - Protection against emerging attack vectors

Automated Guardrails (Policy as Code)
- Develop and enforce enterprise-wide security policies using:
  - Terraform
  - Policy as Code
- Ensure non-compliant infrastructure is automatically remediated or blocked from deployment

Cloud Posture Management
- Design and oversee integration of:
  - CNAPP
  - CSPM
- Provide real-time visibility into:
  - Misconfigurations
  - Vulnerabilities
  - Excessive permissions

Threat Modeling & Resilience
- Conduct deep-dive threat modeling for complex cloud-native systems
- Simulate:
  - Advanced Persistent Threats (APTs)
  - Blast Radius Scenarios
- Strengthen overall system resilience

Security Consultancy
- Act as the lead security advisor for the Cloud Architecture team
- Bridge the gap between:
  - DevOps Agility
  - Regulatory Compliance (SOC2)

Technical Qualifications

Security Platforms (Required Skills)
- Mastery of cloud-native security suites:
  - AWS Security Hub
  - Azure Defender
  - GCP Security Command Center

Identity & Access (Required Skills)
- Expert knowledge of:
  - Identity-First Security
  - CIEM
  - Just-In-Time (JIT) Access
  - Complex OIDC/SAML Flows

Automation (Required Skills)
- Proficiency in:
  - Python
  - Go
  - Bash
- Build custom security automations
- Integrate with SOAR Platforms

DevSecOps (Required Skills)
- Deep experience embedding automated security testing:
  - SAST
  - DAST
  - SCA
- Integrate directly into CI/CD Pipelines

Cloud Networking (Required Skills)
- Advanced understanding of secure connectivity:
  - SD-WAN
  - Cloud WAF
  - Zero Trust Network Access (ZTNA)

Preferred Experience

Experience
- 12+ years in Cybersecurity
- At least 6 years focused on architecting secure cloud environments at scale

Certifications
- Top-tier credentials

Education
- Advanced degree in:
  - Computer Science
  - Cybersecurity
  - Related engineering field preferred
- BS degree from an accredited College/University in the applicable field of services is required, or four additional years of relevant experience in lieu of a college degree.
- If the individual's degree is not in the applicable field then four additional years of related experience is required.

Soft Skills
- Strong ability to bridge the gap between:
  - “Speed of DevOps”
  - “Rigors of Security”
- Excellent communication with executive leadership

Leadership
- Proven ability to influence technical roadmaps
- Present security risks clearly to C-suite stakeholders

Core Objectives

Zero Standing Privilege
- Help transition the organization to a “Zero Standing Privilege” model
- Apply across all production environments

Automated Compliance
- Help achieve automated auditing for core compliance frameworks:
  - NIST
  - CIS Benchmarks

Mean Time to Detect (MTTD)
- Utilize AI-driven monitoring
- Reduce anomalous cloud activity detection time to minimum