Cloud Security Architect (AWS)

Dice is the leading career destination for tech experts at every stage of their careers. Our client, Purple Drive Technologies LLC, is seeking the following. Apply via Dice today!

Role: Cloud Security Architect (AWS)

Location: Irvine, CA (Onsite)

Experience: 10 Years

Job Summary

We are seeking a highly experienced Cloud Security Architect to lead security architecture for a large-scale Data Center Exit to AWS initiative. This role focuses on designing and implementing enterprise-grade security controls across AWS environments, ensuring secure migration, compliance, and operational resilience.

The ideal candidate will have deep expertise in AWS security services, multi-account architecture, vulnerability management, and secure-by-design principles, with experience supporting mission-critical enterprise workloads.

Key Responsibilities

Cloud Security Architecture

• Lead the design and implementation of secure AWS architectures for Data Center Exit programs
• Define and implement AWS Landing Zone security, including:
• IAM guardrails
• Service Control Policies (SCPs)
• Centralized logging and monitoring
• Establish security baselines aligned with CIS, NIST, and ISO frameworks
  
  

Identity, Access & Encryption

• Design and enforce IAM strategies, including least privilege and role-based access
• Implement encryption standards using AWS KMS for data at rest and in transit
• Validate authentication and authorization models across all workloads
• Support identity federation and secure access controls
  
  

Threat Detection & Monitoring

• Implement and manage AWS security services such as:
• AWS WAF
• GuardDuty
• CloudTrail
• Security Hub
• Integrate AWS security telemetry with SIEM platforms for continuous monitoring
• Define and implement detective and preventive controls
  
  

Application & Infrastructure Security

• Conduct vulnerability assessments (VAPT) and define remediation strategies
• Implement:
• Web Application Firewall (WAF) rules
• Network segmentation and firewall policies
• Endpoint protection controls
• Support secure development practices including code reviews and DevSecOps alignment
  
  

Migration Security & Governance

• Secure workloads during migration from on-premise to AWS EC2
• Ensure data consistency, integrity, and compliance during migration phases
• Design security for hybrid architectures and integration-heavy systems
• Support migration tools and enforce governance policies
  
  

Container & Platform Security

• Design security for EKS/Kubernetes environments, including:
• Pod and network policies
• Image scanning and runtime protection
• Secure cloud-native and distributed workloads
  
  

Risk Management & Compliance

• Lead penetration testing cycles and coordinate remediation efforts
• Produce:
• Security architecture documents (HLD/LLD)
• Risk assessments
• Operational security runbooks
• Ensure adherence to enterprise and regulatory compliance standards
  
  

Required Skills

• Strong expertise in AWS security services:
• IAM, KMS, CloudTrail, GuardDuty, WAF
• Experience designing AWS multi-account Landing Zones and governance models
• Deep understanding of:
• Identity and access management
• Encryption and key management
• Zero Trust architecture and least privilege principles
• Hands-on experience with vulnerability assessment tools:
• Nessus, Qualys, Burp Suite, Fortify, Checkmarx
• Strong knowledge of:
• Network security (firewalls, IDS/IPS, segmentation)
• OS-level security (Windows Server, RHEL)
• Experience securing databases (Oracle, SQL Server, Exadata on AWS)
• Strong collaboration and stakeholder management skills
  
  

Preferred Skills

• Experience with AWS Shield and advanced threat protection tools
• Knowledge of integration security for Java, .NET, and TIBCO ESB workloads
• Experience with DevSecOps and CI/CD security integration
• Certifications such as:
• AWS Certified Security Specialty
• CISSP / CISM / CCSP