AWS Network and Security Lead

N Consulting Ltd
Manor Park, United Kingdom
6 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 89K

Job location

Manor Park, United Kingdom

Tech stack

Amazon Web Services (AWS)
Bash
Border Gateway Protocol
Cloud Computing
Cloud Computing Security
Computer Security
Computer Networks
Continuous Integration
Dynamic Host Configuration Protocol
Network Address Translation
DNS
GitHub
Identity and Access Management
IP Address Management
Virtual Private Networks (VPN)
Python
Key Management
Network Architecture
Routing
Network Segmentation
PCI Data Security Standards
Wide Area Networks
Data Logging
Scripting (Bash/Python/Go/Ruby)
System Availability
Delivery Pipeline
Firewalls (Computer Science)
CloudFormation
GitLab CI
Route 53
OpsWorks
CloudWatch
Terraform
DevSecOps
Jenkins
Vulnerability Analysis

Job description

The AWS Network and Security Lead is responsible for designing, implementing, and managing secure, scalable, and highly available cloud network infrastructures on Amazon Web Services (AWS). This role leads the strategy, governance, and execution of cloud networking and security architecture, ensuring the protection, compliance, and performance of enterprise workloads.

The position requires deep hands-on expertise in AWS networking and security services, strong stakeholder and team leadership, and the ability to drive cloud-security best practices across the organisation.

Key Responsibilities

Network Architecture & Engineering

Design, implement, and optimise complex AWS network architectures using VPCs, Transit Gateways, Direct Connect, VPN, Elastic Load Balancing, Route 53, and PrivateLink.

Define and manage network segmentation strategies, routing policies, and hybrid connectivity models.

Ensure high availability, performance, and resiliency across multi-region and multi-account AWS network environments.

Oversee IP address management (IPAM) and global traffic management.

Security Architecture & Operations

Lead the design, implementation, and enforcement of AWS security controls and guardrails.

Implement and manage:

AWS WAF, AWS Shield, Security Groups, NACLs

AWS KMS (encryption at rest), IAM, SCPs, AWS Organizations

AWS Config, GuardDuty, Inspector, Security Hub

Develop and maintain security baselines, network policies, and compliance frameworks (ISO 27001, CIS, NIST, PCI-DSS).

Perform threat modelling, vulnerability assessments, and risk analysis.

Lead incident response processes for cloud security events.

Cloud Governance & Best Practices

Define governance models for multi-account AWS environments using Landing Zones/Control Tower.

Establish and enforce tagging standards, monitoring standards, and network/security automation.

Develop and maintain runbooks, playbooks, high-level and low-level designs (HLD/LLD).

Automation & DevSecOps

Implement infrastructure as code (Terraform, CloudFormation, CDK) for network and security provisioning.

Integrate security tooling into CI/CD pipelines.

Automate compliance and drift detection using AWS native tools and scripting (Python/Bash).

Requirements

Technical Expertise

7+ years of hands-on AWS networking/security experience.

Deep knowledge of:

VPC design, routing, Transit Gateway, Direct Connect, BGP

Firewalls (AWS Network Firewall, Palo Alto, Check Point)

IAM, KMS, Secrets Manager, Certificate Manager

Monitoring and logging (CloudWatch, CloudTrail, Lambda, OpenSearch)

Strong understanding of Zero Trust, least privilege, defence-in-depth, and cloud-native security models.

Tools & Technologies

IaC: Terraform, CloudFormation, CDK

Security: GuardDuty, Security Hub, Shield, WAF

Networking: SD-WAN, DNS, DHCP, NAT architectures

Scripting: Python, Bash

CI/CD: Jenkins, GitLab CI, GitHub Actions, AWS CodePipeline
