Principal AWS Cloud Security Consultant

Role Overview

• Provide oversight for delivery teams, ensuring quality, consistency, and alignment with client objectives while fostering knowledge transfer and consistent execution
• Manage and resolve client escalations, balancing client satisfaction with project scope and delivery constraints
• Present findings and recommendations to executive stakeholders, lead technical workshops, and facilitate security strategy sessions
• As an individual contributor, provide consulting services on customer engagements and deliver security outcomes. Tasks may include:
• Design secure cloud architectures and reference models for AWS and multi-cloud environments
• Conduct in-depth cloud security assessments to identify security misconfigurations, architecture and cloud operational risks, and compliance gaps
• Assist clients with continuous compliance and audit readiness in cloud environments
• Conduct AWS security workshops, technical interviews, and stakeholder briefings
• Prepare and present client deliverables including security roadmaps, process improvements, gap analyses, architecture diagrams, cloud security strategies, and custom deliverables based on client needs
• Contribute to internal methodologies, templates, and reusable assessment frameworks
• Mentor junior consultants and support knowledge sharing within the consultancy
• Assist with scoping and pre-sales activities including proposals and statements of work (SOWs)
• Collaborate with internal pre-sales teams to identify use-cases and opportunities for third-party security tooling (e.g., CNAPP, secrets management, data security, cloud detection and response, NHI [Non-Human Identity], etc.)

Requirements

• Minimum of 5 years designing AWS architecture and operating AWS workloads at scale
• AWS knowledge must include networking, data security, identity and access management, automation, and extensive hands-on with Amazon’s cloud-native security tooling services
• Demonstrated knowledge of emerging security patterns and best practices for AI/ML workloads in AWS, including securing SageMaker environments, implementing guardrails for generative AI services (Bedrock), and applying data protection controls for model training and inference pipelines
• Strong knowledge of IAM patterns (RBAC, ABAC), federated access, permission boundaries, SCPs, and RCPs
• Proficiency in Infrastructure as Code (Terraform, CloudFormation, CDK) and secure coding practices
• Experience with CIEM, CSPM, or CWPP tools
• Familiarity with DevSecOps practices and integrating security into CI/CD pipelines
• Scripting and automation skills (e.g., Python, Bash, or PowerShell)
• Experience securing Kubernetes environments, including Amazon EKS and other managed Kubernetes platforms, with knowledge of pod security, RBAC, network policies, and container security best practices
• Bachelor's or equivalent experience in Cybersecurity, Computer Science, Engineering, or related field.
• Preferred certifications: CISSP, CCSP, CCSK
• AWS Cloud certifications: AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional
• Other CSP Certifications: Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer

Tech Stack

• AWS
• Azure
• Cloud
• Cyber Security
• Kubernetes
• Python
• Terraform

Benefits

• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family).
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option