Job Details

The Cloud Security Architect will develop security assessment and evaluation plans for existing clients in

order to lead and deliver Cloud Risk and Cloud Hygiene Assessments. Based on cloud architecting best

practices, this individual will be expected to provide guidance and hands-on experience to teams in

the design, development, and maintenance of security solutions for the cloud. This service will include the

design and development of cloud security policies, standards, and procedures for various types of

public/private/hybrid clouds. This includes account management, tenant management, Cloud Access

Security Broker (CASB) integration, network management, security incident, and event management

(SIEM), data protection, user account management (SSO, SAML), password/key management,

vulnerability/threat management, etc.

The Cloud Security Architect will lead customer-facing projects and all aspects of the development of

security project deliverables including assessment, solution development, and, as appropriate,

implementation oversight efforts. He or she will effectively and accurately scope customer-facing

projects as well as identify and position follow-on work with customer stakeholders that extends the

value of BW Cyber as a strategic partner to the client. The Cloud Security Architect is expected to

individually solve problems of higher complexity. The Cloud Security Architect will also participate in the

development and enhancement of the information security solutions portfolio to ensure it maintains

relevancy with customer requirements and industry changes.

What your day will look like? 

• Responsible for the thorough documentation of implementations, via technical documentation and run-books
• Responsible for input and feedback on security architectures
• Apply adept understanding and experience with systems automation platforms and technologies
• Partake in efforts that shape the organization’s security policies and standards for use in cloud environments
• Interpret security and technical requirements into business requirements and communicate security risks to relevant stakeholders ranging from business leaders to engineers
• Direct and influence multi-disciplinary teams in implementing and operating Cyber Security controls
• Collaborate with application developers and database administrators to deliver creative solutions to difficult technical challenges and business requirements
• Provide subject matter expertise on information security architecture and systems engineering to other IT and business teams
• Execute security architectures for cloud/hybrid systems
• Responsible for automating security controls, data, and processes to provide improved metrics and operational support
• Employ cloud-based APIs when suitable to write network/system-level tools for safeguarding cloud environments
• Stay abreast of emerging security threats, vulnerabilities, and controls
• Spot and execute new security technologies and best practices into the company’s cloud offerings.

Skills Required

• AWS-specific skills – MUST: (Networking: vpc, virtual gateway, Route53, Direct Connect Gateway, transit vpc, transit gateway, lambda, endpoints, load balancers) and (Security: ACM, WAF, Config, CloudWatch, Flow-logs, IAM, ES etc.)
• Security Architecture: Build Cloud Network Architecture to support Encryption of Data at rest and transit
• Other services such as Guardrail, GuardDuty, AWS shield, CloudFront, AWS Control Tower, Inspector 
• Azure-specific skills (Networking: vnet, vnet peering, udr, sdr, express route, nsg, load balancers, endpoints.)
• Experience with automated configuration and deployment: Terraform or other Infrastructure as Code (IAC) frameworks
• This role is open for EST timings
• Experience with distributed version-control systems: git/github
• 7+ years of Strong Enterprise networking with Routing/Switching configuration/diagnostic experience in Global Network infrastructure design delivery of WAN, LAN, Firewall, and F5.
• Experience with Cisco hardware and OS : Catalyst switches, ISR/ASR routers, ASA
• Strong practical experience with Palo Alto firewalls is a MUST (VM series, CN series, and other DC models)
• Strong understanding of the following Network protocols: BGP, IPSec, and IPSec VTI VPN
• Experience and in-depth understanding of TCP/IP packets with the ability to analyze captured packets for deep troubleshooting.
• Scripting (Python, Ansible, Tower) experience is a plus
• Work closely with the Network architecture, security, and application teams to roll out new designs and perform activities for supporting cloud application migration projects.
• Leverage his/her prior experience with Azure and AWS to implement global connectivity Secure solutions.
• Implement an automated process for cloud network environment eliminating manual and repetitive tasks
• Create and maintain Infrastructure as Code (IAC) using industry-standard platforms.
• Implement industry-standard cloud network security practices during build activities and maintain it throughout the lifecycle.
• Perform functional testing to verify implementation meet production acceptance standards
• Provide support of cloud network services for complex issues