Responsibilities
Define and implement the security architecture for a new AWS landing zone supporting internet-facing and intranet workloads.
Translate GCC guardrails and compliance requirements into practical cloud security controls.
Work with the Cloud Architect to embed security policies, IAM roles, encryption, logging, monitoring, and incident response mechanisms into infrastructure design.
Establish DevSecOps practices by integrating security checks into both infra CI/CD.
Conduct threat modelling, risk assessments, and security architecture reviews for.
Implement cloud-native and third-party security tools (e.g., AWS GuardDuty, Config, Security Hub, CloudTrail, WAF, vulnerability scanners).
Act as the security authority during design and build phases, providing guidance to engineers, developers, and operations teams.
Support security audits, assessments, and compliance checks for the landing zone.
Requirements
7+ years’ experience in security architecture with proven expertise in cloud security (AWS preferred).
Strong knowledge of GCC guardrails, compliance requirements, and regulated.
Hands‐on experience implementing security controls in AWS (IAM, KMS, CloudTrail, GuardDuty, WAF, Security Hub, etc.).
Familiarity with Terraform, IaC security controls, and DevSecOps pipeline integration.
Experience with hardening based on CIS Benchmark Level 1/2/3.
Strong understanding of network security, zero trust, identity & access management, encryption, and incident response.
Experience working in Agile delivery models and embedding security practices early in the lifecycle.
Excellent communication and stakeholder management skills.