Key Responsibilities
• Define and implement the security architecture for a new AWS landing zone supporting
internet-facing and intranet workloads.
• Translate GCC guardrails and compliance requirements into practical cloud security
controls.
• Work with the Cloud Architect to embed security policies, IAM roles, encryption, logging,
monitoring, and incident response mechanisms into infrastructure design.
• Establish DevSecOps practices by integrating security checks into the infra CI/CD
pipeline.
• Conduct threat modelling, risk assessments, and security architecture reviews for
new services.
• Implement cloud-native and third-party security tools (e.g., AWS GuardDuty, Config,
Security Hub, CloudTrail, WAF, vulnerability scanners).
• Act as the security authority during design and build phases, providing guidance to
engineers, developers, and operations teams.
• Support security audits, assessments, and compliance checks for the landing zone.
Requirements
• 7+ years' experience in security architecture with proven expertise in cloud security
(AWS preferred).
• Strong knowledge of GCC guardrails, compliance requirements, and regulated
environments.
• Hands-on experience implementing security controls in AWS (IAM, KMS, CloudTrail,
GuardDuty, WAF, Security Hub, etc.).
• Familiarity with Terraform, IaC security controls, and DevSecOps pipeline
integration.
• Experience with hardening based on CIS Benchmark Level 1/2/3.
• Strong understanding of network security, zero trust, identity & access management,
encryption, and incident response.
• Experience working in Agile delivery models and embedding security practices early in
the lifecycle.
• Excellent communication and stakeholder management skills.