Cloud Security Architect

Mindlance

Bethesda, MD(remote)

JOB DETAILS
SKILLS
Access Control, Amazon Elastic Compute Cloud (EC2), Amazon Simple Storage Service (S3), Amazon Web Services (AWS), Best Practices, CISSP - Certified Information Systems Security Professional, Cloud Architecture, Cloud Computing, Cloud Storage, Computer Science, Computer Security, Consulting, Continuous Deployment/Delivery, Continuous Integration, Cryptography, Data Storage, DevOps, Firewall Administration, GCP (Good Clinical Practices), HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), Incident Response, Information/Data Security (InfoSec), Internet Security, Leadership, Loss Prevention, Microsoft Windows Azure, Policy Evaluation, Privacy Controls, Prototyping, Public Policy, Regulatory Compliance, Regulatory Requirements, Requirements Management, Risk Management, Security Architecture, Security Infrastructure, Strategic Planning, Subnet, Technical Research, Technology Analysis, Telemetry, Threat Modeling, Threat and risk analysis (TRA)
LOCATION
Bethesda, MD(remote)
POSTED
3 days ago
Title: Cloud Security Architect
Location: Remote-EST
Duration: 12 Months (Long Term)

JOB SUMMARY:
We are seeking an experienced Cloud Security Architect to lead the design and implementation of secure cloud infrastructure across our AWS-based environments. This role will focus on securing network boundaries, containerized workloads (such as Kubernetes and Amazon EKS), cloud-native data storage (e.g., S3), and overall cloud infrastructure components. You will serve as the security expert in cloud architecture projects, ensuring all designs align with best practices and compliance requirements.

CANDIDATE PROFILE
Education and Experience
Required
  • Bachelor's or Master's degree in Computer Science, Information Security, or related field, or equivalent professional experience.
  • 7+ years of experience in cybersecurity with at least 3+ years focused on cloud security in AWS.
  • Hands-on expertise in AWS services (VPC, EC2, EKS, S3, IAM, CloudTrail, KMS, GuardDuty), Kubernetes security, and Infrastructure-as-Code security (Terraform).

Preferred
  • Cloud Security Certifications: AWS Certified Security Specialty, AWS Certified Solutions Architect, Certified Kubernetes Security Specialist (CKS), CISSP, or GCSA.
  • Multi-Cloud Security Experience: Experience securing workloads across AWS, Azure, and GCP with understanding of platform-specific security implications.
  • Zero Trust Architecture: Familiarity with Zero Trust principles, identity-aware access policies, microsegmentation strategies, and secure service-to-service communication.

CORE WORK ACTIVITIES
  • Designs and maintains secure architectures for cloud infrastructure in AWS, AliCloud, and any cloud Client operates in, defining security reference architectures and guardrails for services like VPC, subnets, security groups, and IAM roles.
  • Implements and validates network segmentation, ingress/egress controls, and virtual firewall configurations for cloud infrastructure components (EC2, ALB/NLB, Route 53, VPCs, Transit Gateways).
  • Secures containerized workloads in Amazon EKS or self-managed Kubernetes clusters, defining security controls including RBAC, network policies, pod security standards, and image scanning.
  • Collaborates with DevOps and platform teams to integrate security into CI/CD pipelines and container registries.
  • Ensures secure configuration of cloud-native storage solutions (S3, EBS, EFS), implementing encryption, logging, access control, and data classification.
  • Evaluates and enforces policies around public access, bucket-level permissions, and data loss prevention for cloud-stored data.
  • Ensures cloud solutions comply with internal policies and external regulatory requirements (ISO 27001, SOC 2, HIPAA, GDPR).
  • Contributes to threat modeling, risk assessments, and architecture review processes for new and existing workloads.
  • Defines and implements logging and monitoring strategies using CloudTrail, GuardDuty, Security Hub, and container-level telemetry.
  • Collaborates with Security Operations and Incident Response teams on alerts and forensic readiness.
  • Conducts security and privacy technology research, assessments, and integration processes; provides and supports prototype capabilities.
  • Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards.
  • Provides sound advice and recommendations to leadership and staff on cloud security topics, translating technical security risks into business impact.
  • Manages and measures information security implications within the organization, including strategic planning, risk management, and security awareness.

EEO:
Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans.

About the Company

M

Mindlance