Cloud Security Architect

Job Description for CSPM / CNAPP Profile

Role Summary

The CSPM/CNAPP Architect is responsible for designing, implementing, and governing cloud security strategies across multi-cloud environments. This role ensures continuous security posture management, workload protection, and compliance using CNAPP platforms that integrate CSPM, CWPP, CIEM, and DevSecOps capabilities.

Key Responsibilities

• Design secure architectures for AWS, Azure, and GCP environments
• Define security guardrails, policies, and reference architectures
• Lead zero-trust and least-privilege access strategies
• Deploy and manage CSPM/CNAPP tools (e.g., Prisma Cloud, Wiz, Microsoft Defender for Cloud)
• Monitor misconfigurations, compliance violations, and risks
• Automate remediation workflows
• Embed security into CI/CD pipelines
• Implement shift-left security practices
• IaC scanning (Terraform, CloudFormation, etc.)
• Secure containers, Kubernetes, and serverless workloads
• Implement runtime protection and vulnerability management
• Protect APIs and microservices architectures
• Ensure compliance with frameworks (ISO 27001, SOC 2, NIST, CIS benchmarks)
• Conduct risk assessments and threat modeling
• Create dashboards and executive reporting
• Implement CIEM (Cloud Infrastructure Entitlement Management)
• Analyze excessive permissions and enforce least privilege

Technical Skills

• Strong experience with AWS, Azure, or GCP
• Deep understanding of cloud security concepts (IAM, networking, encryption)
• Hands-on experience with CSPM/CNAPP tools
• Knowledge of Kubernetes, Docker, and container security
• Familiarity with scripting (Python, Bash etc)
• Experience with Infrastructure as Code (Terraform, ARM, CloudFormation)

Security Skills

• Understanding of OWASP Top 10 and cloud threat models
• Experience with vulnerability management and SIEM tools
• Knowledge of zero trust architecture

Soft Skills

• Strong communication and stakeholder management
• Ability to translate risk into business impact
• Leadership and mentoring skills

Preferred Qualifications

• Bachelor's/Master's in Computer Science, Cybersecurity, or related field
• Certifications such as:
• AWS Certified Security Specialty
• Certified Cloud Security Professional (CCSP)
• Certified Information Systems Security Professional (CISSP)

Experience Level

• Typically 8–15+ years in IT/security
• At least 3–5 years in cloud security architecture