Assess the security posture of cloud environments and services across multi-cloud platforms to identify risks, controls gaps, and improvement opportunities.
Lead cloud security gap assessment for cloud service capabilities, providing actionable recommendations to strengthen the security posture.
Develop and maintain cloud security reference architectures, secure solution patterns, and implementation guidance aligned with organizational security requirements.
Design practical security solutions to address identified risks and partner with engineering and platform teams to drive the implementation of solutions across the cloud estate.
Analyze cloud environments for misconfigurations and control deficiencies, and partner with stakeholders to prioritize and drive remediation efforts.
Respond to and support investigation of cloud security incidents, including root-cause analysis and remediation.
Interpret internal security policies, regulatory requirements, and industry standards and translate them into technical controls and implementation guidance.
Provide technical leadership and advisory support on cloud security best practices, including identity and access management, network security, encryption, logging, monitoring, and data protection.
Collaborate with engineering, platform and enterprise architecture teams to operationalize security requirements and improve consistency of controls across the cloud estate.
Conduct security reviews of emerging technologies and new cloud services to evaluate risks and recommend secure adoption approaches.
Drive enterprise cloud security initiatives and support security rollouts across the organization.
Stay current on emerging cloud security threats, platform features, and defensive techniques.
Be a champion and advocate of cybersecurity within the company.
Requirements
10+ years of experience in information security, with at least 5 years focusing on cloud security.
Strong understanding of cloud security principles, architecture patterns, and security controls across major cloud platforms. (e.g., AWS, Azure, GCP).
Experience conducting security assessments, gap analysis, and risk evaluations for cloud environments and services, with the ability to translate findings into actionable remediation plans.
Demonstrated ability to design practical security solutions and implementation guidance to address cloud security risks, working collaboratively with engineering and platform teams.
Experience developing or contributing to cloud security reference architectures, standards, or secure solution patterns aligned with organizational requirements.
Familiarity with cloud security tooling and posture management platforms (e.g., CNAPP) and understanding of common cloud misconfiguration risks.
Knowledge of compliance standards and benchmarks: SOC2, ISO 27001, CSA CCM, NIST CSF, PCI DSS, CIS benchmarks.
Strong communication and leadership skills, with the ability to collaborate effectively with diverse teams.
Bonus if you have CCSP
Certified Cloud Security Professional.
CISSP
Certified Information Systems Security Professional.