Cloud Cybersecurity Architect

We are seeking an experienced Multi-Cloud Solution Architect in designing and implementing secure, scalable, and resilient solutions across AWS, Azure, and GCP. The ideal candidate will have strong coding experience, deep knowledge of cloud-native services, and the ability to lead architecture strategy for enterprise-grade applications.

• Cloud Security Architecture: Assist in defining secure reference architectures for IaaS/PaaS/SaaS and hybrid environments. Support zero-trust principles and secure network topologies.
• Pipeline & DevSecOps Security: Embed security into CI/CD pipelines: Integrate SAST, DAST, dependency scanning, and SBOM generation. Apply policy-as-code (OPA/Rego) and secrets scanning in pipelines. Automate security gates for IaC (Terraform/Bicep/CloudFormation) and container images.
• Kubernetes & Container Security: Harden Kubernetes clusters (EKS/AKS/GKE): Implement RBAC, admission controllers, and runtime protection. Ensure image signing and compliance with CIS benchmarks. Use container scanning tools (Trivy) and runtime monitoring (Falco).
• Identity & Access Management: Implement RBAC, MFA, and workload identity solutions. Manage secrets and encryption keys (Vault/KMS).
• Data Security: Apply encryption strategies and DLP for sensitive workloads.
• Threat Detection & Response: Configure cloud telemetry (CloudTrail, VPC Flow Logs, Kubernetes audit logs) into SIEM/SOAR. Assist in defining detection use cases and response playbooks.
• Governance & Compliance: Align security controls with NIST CSF, ISO 27001, CIS Benchmarks, and regulatory frameworks. Participate in architecture risk assessments and threat modeling.

• Strong understanding of cloud security principles and best practices
• Familiarity with CI/CD security in pipelines (GitHub Actions, GitLab CI, Jenkins)
• Experience or exposure to:
  • Infrastructure-as-Code security (Terraform, CloudFormation)
  • Policy-as-Code (OPA/Rego)
  • Kubernetes security (RBAC, admission controllers, runtime protection)
  • Container security (image scanning, SBOM, signing)
• Awareness of secure software development lifecycle (processes, methods, tools)

• Understanding of security frameworks and standards:
  • NIST
  • ISO 27001
  • CIS Benchmarks
  • SOC 2
  • PCI DSS

• AWS/Azure/GCP Security Specialty
• Kubernetes certifications (CKA/CKS)

• Pipeline Security: Snyk, Semgrep, Trivy.
• Container/K8s: Falco, Kyverno, OPA.
• Cloud Native: AWS GuardDuty, Azure Defender, GCP SCC.
• SIEM/SOAR: Splunk, Sentinel.

• Ability to learn, understand, and apply new technologies and abstract concepts
• Self-motivated, flexible, and capable of managing changing priorities
• Able to work independently and as a team player
• Strong written and verbal communication skills
• Good interpersonal skills
• Experience or comfort in customer interactions

• Cloud Security Frameworks & Compliance
  • Exposure to ISO 27001, NIST CSF, CIS Benchmarks, or other cloud security standards
  • Familiarity with compliance processes for SOC 2, PCI DSS, or regional data privacy laws (e.g., DPDP Act)
• Advanced Security Concepts
  • Understanding of secure boot, secure firmware update, or key management in cloud-native environments
  • Awareness of cryptographic key lifecycle management and HSM integration for cloud workloads
• DevSecOps & Automation
  • Exposure to automated security testing in CI/CD pipelines and supply chain security practices
• Container & Kubernetes Security
  • Familiarity with image signing, SBOM generation, and runtime protection tools
  • Hands-on experience with Falco, Trivy, or similar container security solutions