Job Title: AWS Cloud Security Architect
Location: Hyderabad/Pune
Experience: 10-15 Years
Work Mode: Hybrid
The AWS Cloud Security Architect will be responsible for designing, implementing, and governing enterprise-grade cloud security controls and frameworks across AWS environments. This role ensures security by design through preventive, detective, and responsive mechanisms leveraging AWS native and third-party tools. The architect will lead the definition of guardrails using Service Control Policies (SCPs), Open Policy Agent (OPA), and continuous compliance through AWS Config, Security Hub, and JupiterOne integrations.
Key Responsibilities
Security Architecture & Governance
- Define and implement the AWS security architecture aligned with enterprise security frameworks and compliance mandates (CIS, NIST, ISO 27001).
- Design and manage preventive and detective security controls across multi-account AWS environments.
- Establish and maintain AWS Service Control Policies (SCPs) to enforce organization-wide governance and least privilege principles.
- Define policy-as-code frameworks leveraging OPA (Open Policy Agent) and Terraform Sentinel to automate policy enforcement in CI/CD pipelines.
- Integrate and operationalize AWS Security Hub, GuardDuty, Config, CloudTrail, and CloudWatch for centralized monitoring, compliance tracking, and incident response.
- Design data protection and key management strategies using AWS KMS, Secrets Manager, and HashiCorp Vault integrations.
Continuous Compliance & Risk Management
- Define AWS Config rules and conformance packs to ensure continuous compliance across accounts and regions.
- Leverage JupiterOne for security posture management, asset inventory, and compliance automation.
- Establish processes for vulnerability management, drift detection, and control validation across AWS services.
- Collaborate with internal security and audit teams to conduct risk assessments and gap analyses.
Automation & Enablement
- Embed security controls into CI/CD pipelines for infrastructure provisioning (Terraform, CloudFormation, Harness).
- Develop reusable modules for SCPs, Config rules, and policy packs.
- Implement automation for remediation workflows using AWS Lambda and Security Hub insights.
- Integrate with SIEM platforms (e.g., Splunk, Sentinel) for advanced threat analytics.
Stakeholder Collaboration
- Partner with platform, DevOps, and compliance teams to define and roll out cloud security standards.
- Conduct security design reviews and threat modeling for new workloads and AWS service enablement.
- Provide guidance on IAM best practices, federation models (e.g., Entra ID), and role-based access controls.
Requirements
Required Skills & Experience
- Proven experience architecting security frameworks in AWS multi-account environments (Organizations, Landing Zones, Control Tower).
- Strong understanding of AWS IAM, SCPs, VPC Security, and KMS.
- Hands-on experience with AWS Config, Security Hub, GuardDuty, CloudTrail, Inspector, and Macie.
- Expertise in OPA, policy-as-code frameworks, and Terraform Enterprise or Sentinel.
- Familiarity with JupiterOne, SIEM, and compliance automation tools.
- Knowledge of network security, data protection, and zero-trust principles.
- Experience integrating AWS environments with enterprise identity providers (Azure AD, Okta) and key management systems (HashiCorp Vault).
- Scripting skills in Python, Go, or PowerShell preferred.
Benefits
Standard Company Benefits