Job Summary
We are seeking a Multi-Cloud Solution Architect experienced in designing and implementing secure, scalable, and resilient solutions across AWS, Azure, and GCP. The ideal candidate will have strong coding experience, deep knowledge of cloud-native services, and the ability to lead architecture strategy for enterprise-grade applications.

Key Responsibilities
- Cloud Security Architecture: Assist in defining secure reference architectures for IaaS/PaaS/SaaS and hybrid environments. Support zero-trust principles and secure network topologies.
- Pipeline & DevSecOps Security: Embed security into CI/CD pipelines: Integrate SAST, DAST, dependency scanning, and SBOM generation. Apply policy-as-code (OPA/Rego) and secrets scanning in pipelines. Automate security gates for IaC (Terraform/Bicep/CloudFormation) and container images.
- Kubernetes & Container Security: Harden Kubernetes clusters (EKS/AKS/GKE): Implement RBAC, admission controllers, and runtime protection. Ensure image signing and compliance with CIS benchmarks. Use container scanning tools (Trivy) and runtime monitoring (Falco).
- Identity & Access Management: Implement RBAC, MFA, and workload identity solutions. Manage secrets and encryption keys (Vault/KMS).
- Data Security: Apply encryption strategies and DLP for sensitive workloads.
- Threat Detection & Response: Configure cloud telemetry (CloudTrail, VPC Flow Logs, Kubernetes audit logs) into SIEM/SOAR. Assist in defining detection use cases and response playbooks.
- Governance & Compliance: Align security controls with NIST CSF, ISO 27001, CIS Benchmarks, and regulatory frameworks. Participate in architecture risk assessments and threat modeling.

Technical Skills
Cloud & Security
- Strong understanding of cloud security principles and best practices
- Familiarity with CI/CD security in pipelines (GitHub Actions, GitLab CI, Jenkins)
- Experience or exposure to:
  - Infrastructure-as-Code security (Terraform, CloudFormation)
  - Policy-as-Code (OPA/Rego)
  - Kubernetes security (RBAC, admission controllers, runtime protection)
  - Container security (image scanning, SBOM, signing)
- Awareness of secure software development lifecycle (processes, methods, tools)

Compliance & Frameworks
- Understanding of security frameworks and standards:
  - NIST
  - ISO 27001
  - CIS Benchmarks
  - SOC 2
  - PCI DSS

Certifications (Preferred)
- AWS/Azure/GCP Security Specialty
- Kubernetes certifications (CKA/CKS)

Tools
- Pipeline Security: Snyk, Semgrep, Trivy.
- Container/K8s: Falco, Kyverno, OPA.
- Cloud Native: AWS GuardDuty, Azure Defender, GCP SCC.
- SIEM/SOAR: Splunk, Sentinel.

Behavioral & Professional Skills
- Ability to learn, understand, and apply new technologies and abstract concepts
- Self-motivated, flexible, and capable of managing changing priorities
- Able to work independently and as a team player
- Strong written and verbal communication skills
- Good interpersonal skills
- Experience or comfort in customer interactions

Nice to Have
- Cloud Security Frameworks & Compliance
  - Exposure to ISO 27001, NIST CSF, CIS Benchmarks, or other cloud security standards
  - Familiarity with compliance processes for SOC 2, PCI DSS, or regional data privacy laws (e.g., DPDP Act)
- Advanced Security Concepts
  - Understanding of secure boot, secure firmware update, or key management in cloud-native environments
  - Awareness of cryptographic key lifecycle management and HSM integration for cloud workloads
- DevSecOps & Automation
  - Exposure to automated security testing in CI/CD pipelines and supply chain security practices
- Container & Kubernetes Security
  - Familiarity with image signing, SBOM generation, and runtime protection tools
  - Hands-on experience with Falco, Trivy, or similar container security solutions