Job Description: AWS Cloud Security Architect (Cloud-Native & .NET Modernization)
Role Overview
We are seeking an experienced AWS Cloud Security Architect to design and implement secure cloud-native architectures on AWS for a program focused on modernizing legacy .NET applications using AWS Transform.
The role requires deep expertise in securing containerized workloads on Amazon Elastic Kubernetes Service, implementing AWS security best practices, and establishing security guardrails for modernized .NET workloads and microservices architectures.
The architect will ensure the migration and transformation processes align with enterprise security policies, compliance frameworks, and cloud-native security patterns.
Key Responsibilities
Cloud Security Architecture
- Design secure cloud-native architectures on Amazon Web Services.
- Establish security reference architecture for modernized .NET applications.
- Implement defense-in-depth strategies for cloud workloads.
- Ensure alignment with AWS Well-Architected Framework – Security Pillar.
Container & Kubernetes Security
Lead security design and governance for workloads running on:
- Amazon Elastic Kubernetes Service
Responsibilities include:
- Kubernetes cluster security architecture
- Network policies and service isolation
- Secure container image pipelines
- Pod security standards
- Secrets management
- Runtime security monitoring
Secure Application Modernization
- Define security guardrails during .NET modernization using AWS Transform.
- Ensure migrated applications meet secure coding and runtime security standards.
- Identify and mitigate risks during transformation of legacy applications.
AWS Security Services Implementation
Architect and implement security controls using services such as, but not limited to:
- AWS Identity and Access Management
- AWS Key Management Service
- AWS Secrets Manager
- AWS Security Hub
- Amazon GuardDuty
- AWS WAF
- Or equivalent
Identity & Access Security
- Design least-privilege IAM architectures.
- Implement role-based access control for:
  - AWS services / Okta Services
  - Kubernetes clusters
  - CI/CD pipelines
- Secure cross-account access models.
DevSecOps Integration
- Integrate security controls into CI/CD pipelines.
- Implement automated security scanning for:
  - container images
  - infrastructure as code
  - application dependencies
- Establish security validation gates during application modernization.
Network Security
- Design secure AWS network architecture using:
  - VPC segmentation
  - private endpoints
  - security groups
  - network ACLs
- Implement zero-trust networking principles for microservices.
Required Skills
AWS Security Expertise
Strong hands-on experience with:
- Amazon Web Services security architecture
- AWS security services and governance models
- Multi-account AWS environments
Kubernetes Security
Experience securing workloads on:
- Amazon Elastic Kubernetes Service
Including:
- Kubernetes RBAC
- Pod security policies / admission controllers
- Container runtime security
- Network segmentation
Cloud Native Security
Knowledge of:
- Zero-trust architectures
- Microservices security patterns
- Secure API architecture
- Service mesh security (optional)
Application Security
Understanding of security practices for:
- .NET applications
- REST APIs
- Modern microservices
Preferred Experience
- Prior experience in .NET application modernization programs
- Security architecture for containerized platforms
- Experience with DevSecOps pipelines
- Knowledge of compliance frameworks (ISO, SOC2, PCI, HIPAA, etc.)
Experience
- 10+ years in software/cloud engineering
- 5+ years in AWS security architecture
- Proven experience designing secure cloud-native platforms
Education
- Bachelor's or master's degree in computer science / information security / engineering
Certifications (Preferred)
- AWS Certified Security – Specialty
- AWS Certified Solutions Architect – Professional
- Certified Kubernetes Security Specialist (CKS)
Email - [Confidential Information]