Sr. Cloud Security Architect

Neptune Technology Group Inc. is a technology company serving water utilities across North America.  Since 1892, we have continually focused on the evolving needs of water utilities – revenue optimization, operational efficiencies, and improved customer service.  With our portfolio of smart water meters, data collection systems and software, we make data actionable for our customers – so they can remain focused on the business of water. For additional information, please visit the company website at www.neptunetg.com.

Sr. Cloud Security Architect

Position Summary

As a Sr. Cloud Security Architect, you will play a critical role in Neptune’s cybersecurity program by designing, implementing, and governing secure cloud architectures across a hybrid environment (on‑prem, cloud, and SaaS). You will work closely with Cloud, Platform, DevOps, and Security Operations teams to embed security‑by‑design principles, enforce guardrails, and strengthen prevention, detection, and compliance capabilities across cloud workloads.

In addition to architecture and engineering responsibilities, you will provide senior technical support to Incident Response activities involving cloud environments, assisting with investigation, containment, remediation, and post‑incident improvements when needed.

Responsibilities:

Cloud Security Architecture

• Design and implement secure cloud architectures, landing zones, and guardrails across AWS and Azure environments
• Develop and maintain cloud security standards, reference architectures, and reusable patterns
• Enforce security‑by‑design and least‑privilege principles across cloud networking, identity, and workloads
• Support securebydefault provisioning and segmentation strategies

• Design and implement security controls for AI/ML workloads and services (e.g., AWS Bedrock, Azure OpenAI, SageMaker), including data protection, access controls, and API security

Cloud Security Engineering & Automation

• Implement and maintain native and third‑party cloud security controls (IAM, CSPM, logging, posture management)
• Translate regulatory and internal security requirements into enforceable technical controls
• Integrate security controls into infrastructure‑as‑code and CI/CD pipelines
• Develop automation to detect misconfigurations, reduce manual effort, and improve control consistency

• Leverage AI-assisted tools to accelerate security engineering, threat modeling, and compliance automation, applying sound judgment on their limitations and avoiding over-reliance on automated outputs

Security Posture, Detection & Monitoring

• Monitor and assess cloud security posture using telemetry, posture management, and logging platforms
• Identify misconfigurations, control gaps, and emerging risks across cloud environments
• Partner with Security Operations to improve visibility, prioritization, and response for cloudrelated risks

• Evaluate and critically assess AI-driven security tooling (CSPM, SIEM) to ensure detection quality and avoid over-reliance on automated AI-generated findings

Incident Response & Readiness

• Provide technical support during cloud‑related security incidents, including investigation, containment, and remediation
• Assist with root cause analysis and recommend architectural improvements following incidents
• Participate in tabletop exercises, threat modeling, and readiness activities

Governance, Compliance & Collaboration

• Ensure cloud environments align with internal security standards and industry frameworks (e.g., CIS, NIST)
• Support audit and compliance efforts by providing architecture artifacts, evidence, and technical explanations
• Collaborate with stakeholders throughout the solution and product lifecycle to implement effective risk mitigations
• Research emerging cloud threats, attack techniques, and technologies to proactively strengthen defenses

• Support governance of enterprise AI tool consumption from a security and data privacy perspective, including controls to prevent sensitive data from flowing into third-party LLM APIs or AI-enabled SaaS platforms
• Familiarity with AI governance frameworks such as NIST AI RMF and OWASP Top 10 for LLM Applications

Relevant Platforms (experience with several is expected):

• Cloud Platforms: AWS, Azure
• Cloud Security & Posture: AWS Security Hub, AWS Config, Azure Policy, CSPM tools
• Identity & Access: Microsoft AD / Entra ID, IAM, PAM
• Detection & Monitoring: SIEM platforms, cloud logging and telemetry
• DevSecOps & Automation: Infrastructure‑as‑Code, CI/CD pipelines, scripting (PowerShell, Python, Bash)

Minimum Qualifications:

• Bachelor’s degree (or equivalent experience)
• 5 years of experience in information security, with at least 3 years focused on cloud security or cloud architecture
• Hands‑on experience securing cloud environments (AWS and/or Azure)
• Familiarity with NIST, CIS Benchmarks, zero trust principles, and cloud shared responsibility models
• Strong analytical, problem‑solving, and communication skills

Preferred Qualifications:

• Security or cloud certifications (e.g., AWS Security Specialty, Azure Security Engineer, CCSP, CISSP)
• Experience translating SOX or regulatory requirements into technical cloud controls
• Exposure to DevSecOps practices, automation, and continuous compliance monitoring
• Experience supporting cloudrelated incident response activities

• Familiarity with AI-specific threat vectors such as prompt injection, model inversion, and training data poisoning
• Demonstrated use of AI-assisted tools to improve security workflows and engineering productivity

• Travel less than 10% of the time

Travel Requirements: Typically requires overnight travel less than 10% of the time.

Location: Duluth, GA, Tallassee, AL

#HP1