Principal Cloud Security Architect

The Principal Security Architect serves as the Information Security team’s senior technical authority on secure cloud and application architecture. This role bridges the gap between Security, Cloud Engineering, and Development teams—embedding security into every stage of design and delivery. The successful candidate combines strong public cloud architecture experience with an understanding of modern development practices, ensuring that products and platforms are secure by design. 

Key Responsibilities: 

- Participate in the design and governance of secure architectures across AWS, Azure, and GCP environments, integrating security into CI/CD pipelines and development workflows. 
- Partner with development and DevOps teams to implement secure coding practices, threat modeling, and security automation throughout the SDLC. 
- Participate in the establishment and maintain security architecture frameworks, patterns, and standards for both infrastructure and application layers. 
- Assess existing applications, APIs, and microservices for architectural weaknesses and guide teams on secure refactoring. 
- Define cloud-native security controls including IAM, network segmentation, key management, and data protection strategies. 
- Work with engineering leadership to embed “security as code” practices within IaC (Terraform/CloudFormation) and CI/CD pipelines (GitHub Actions, Jenkins, etc.). 
- Review system and software designs to ensure compliance with internal policies and external frameworks (e.g., SOC 2, ISO 27001, FedRAMP, PCI DSS). 
- Serve as a trusted technical advisor to development teams, translating complex security requirements into actionable engineering guidance. 
- Lead security architecture reviews, risk assessments, and proof-of-concept efforts for new technologies and services. 
- Mentor engineers and architects across Security and Development organizations, fostering a culture of secure innovation. 

Qualifications: 

- 10+ years of experience in information security, with at least 5 in architecture or cloud security leadership roles. 
- Deep technical expertise in AWS, Azure, and/or GCP, including IAM, networking, encryption, and monitoring services. 
- Solid foundation in software development (e.g., Python, Java, Go, or Node.js) and understanding of modern development practices (CI/CD, containers, serverless). 
- Experience integrating security into DevOps and Agile environments. 
- Strong understanding of threat modeling, secure design principles, and application security testing (SAST, DAST, dependency scanning). 
- Familiarity with compliance frameworks (NIST, ISO 27001, SOC 2, PCI DSS, FedRAMP) and security benchmarks (CIS Controls). 
- Demonstrated ability to communicate complex security concepts to both developers and executives. 
- Relevant certifications such as AWS Certified Security – Specialty, CISSP, CCSP, or GIAC Cloud Security Architect preferred. 
- Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. 

Key Competencies: 

- Technical Depth: Mastery of cloud and application security design principles. 
- Collaboration: Ability to work closely with engineers to produce secure, scalable products. 
- Leadership: Drive alignment between security and business objectives through influence and example. 
- Innovation: Continuously seek and implement modern, automation-driven approaches to enterprise security.