Overview of the Role:

As a Cloud Security Architect, you will drive the security-related efforts for the design, implementation, and maintenance of secure cloud environments leveraging cloud-native services. Bridging the gap between Product Engineering, Compliance, and Cloud Infrastructure, you will develop and communicate a converged cloud security vision. You will build secure architectural blueprints, proactively identify and drive the resolution of systemic risks, and champion "Security by Design." By leveraging robust threat modeling, infrastructure as code, and AI-enabled automation, you will reduce tech debt and defend against modern threats across public cloud architectures, with a strong emphasis on GCP and foundational environments in AWS.

Responsibilities:

Cloud Infrastructure Security:

• Security Baselines & Standards: Define foundational security baselines and design architectures that align with industry frameworks (NIST, CIS, ISO 27001) across multi-cloud environments, maintaining a primary focus on GCP alongside core baselines in AWS.
• Identity & Governance: Design scalable IAM structures and organizational hierarchies to enforce strict least-privileged access, including the retrofitting of legacy access models.
• Systemic Risk Mitigation: Partner with Offensive Security, Threat & Vulnerability Management (TVM), and engineering leadership to continuously identify and prioritize complex vulnerabilities and architectural tech debt. Drive overarching remediation strategies across current and legacy environments, ensuring systemic risks are reduced to acceptable levels.
• Detection & Response: Ensure seamless telemetry integration for the Cybersecurity Operations Center (CSOC) and Enterprise Security to enable actionable security posture management.
• Native Tooling & Guardrails: Important to have skills withy Google Cloud Native Security Services (e.g., Chronicle, Cloud Armor, Certificate Manager, KMS, Secret Manager, DLP).

Architecture & Threat Modeling:

• Comprehensive Threat Modeling: Lead deep-dive threat modeling sessions across both product architectures and cloud infrastructure. Analyze data flows, API integrations, and trust boundaries to identify key threats before deployment.
• Architecture Reviews: Conduct periodic security reviews of new product designs and cloud environment topologies, proposing concrete, architectural remediation guidance and "secure-by-default" design patterns.
• Security Advocacy: Serve as the primary Subject Matter Expert (SME), explaining complex technical security concepts to diverse technical and non-technical stakeholders to ensure seamless integration.

Modern Cloud Architecture & Automation:

• Infrastructure & Control Guidance: Develop actionable blueprints and provide strategic guidance to the engineering teams responsible for implementing and automating IAM, network security, and data protection controls.
• Pipeline Guardrails (CI/CD): Define strict security guardrails (e.g., policy-as-code, Terraform linters) and partner with DevOps to drive their integration directly into the CI/CD pipeline, ensuring all resources are provisioned securely by default.
• Container Security Posture: Establish the architectural standards for securing our Kubernetes (GKE) footprint, defining the requirements for pod security standards, network policies, and container image scanning.
• AI & Security Automation: Leverage AI-enabled security posture management tools to analyze security telemetry, scale the identification of systemic risks, and provide automated, actionable remediation guidance to developers.

Required Qualifications:

• 15+ years of progressive experience in cybersecurity, with significant time dedicated to Cloud Security Architecture or Senior Cloud Security Engineering.
• Deep, demonstrable understanding of public cloud platforms with a primary focus on GCP and foundational knowledge of AWS, including native security services, complex IAM trust policies, and network perimeters.
• Experience leveraging AI-enabled security platforms and automation strategies to scale risk identification and integrate security guardrails into engineering workflows
• Proven track record of leading deep-dive threat modeling sessions and bridging the gap between product requirements and infrastructure implementation.
• Strong proficiency with Infrastructure as Code (specifically Terraform) and securing containerized workloads (Kubernetes/GKE).
• Deep knowledge of security frameworks (NIST, CIS, ISO 27001), compliance regulations, and modern cloud security best practices.

Preferred Qualifications:

• Strategic Influence: Ability to define security strategy for multiple business units and influence stakeholders from DevOps to the C-Suite.
• Communication: Skilled at translating "security-speak" into actionable business logic for non-technical partners.
• Analytical Rigor: A proactive problem-solver who doesn't just find holes but builds the patches and the processes to prevent them

LI-Y*