Senior Multi-Cloud Cybersecurity Architect (Azure / AWS / GCP)

Vaco is currently seeking a Cloud Security Engineer (Azure / AWS / GCP) for a Direct-Hire opportunity that is located in Dallas, TX 75231 (onsite 1-2 days per week). The Cloud Security Architect will architect and secure a dynamic, evolving enterprise environment. The Cloud Security Architect is high-impact and centers on designing integrated security patterns, remediating misconfigurations, establishing organization-wide guardrails, and guiding cross-functional teams through secure implementation and ongoing adaptation, including new applications, acquisitions, and SaaS extensions, while mentoring juniors and driving leadership in cloud security practices.

• Cloud Security Architecture

• Design / Implement Secure Architecture Patterns / Controls Across Azure / AWS - Understanding Enforcement Mechanisms via Cloud Security Posture Management
• Support Secure Migration / Re-Platforming of OnPrem Environments to Cloud Ecosystems
• Develop Guardrails / Hardening Guidelines for IaaS / PaaS / SaaS Workloads
• Define / Oversee Cloud-Native Security Controls - Azure Defender / AWS Security Hub
• Deploy Cybersecurity Operations / Hardening Standards Across all Environments
• Application / Network Team Collaboration - Configuring WAF to Enforce Security Principles
• Define / Enforce WAF / Traditional Network Firewall Rules
• IAM Effort Support - RBAC / PIM / PAM

• Collaboration / Enablement

• Participate in Application Design / Development Processes - Providing Security Input / Oversight from Conception
• Application Development / Infrastructure Team Partnership - Embedding Security into CI/CD Pipelines / DevOps Practices
• Vulnerability / Misconfiguration Remediation - Guiding / Recommending from Vulnerability Assessment / Posture Management Tools (Scanners / SAST / DAST / CSPM)
• Serve as Trusted Advisor on Cloud Security

• Security / Engineering

• Automation / Secure Adoption Support - Moving Towards DevSecOps using IaC
• Evaluate /Integrate Security Tools Throughout the Enterprise Ecosystems
• Support Ingestion Logs into Central SIEM for Proactive Monitoring / Threat Detection
• Conduct Proactive Threat Hunting in Cloud Environments - Identifying / Mitigating Advanced Threats
• Participate in Incident Response / Threat Modeling
• SCO / Incident Response Team Collaboration - Investigating / Mitigating Threats
• Perform Security Reviews / Threat Modeling / Risk Assessment for New / Existing Cloud Services
• Actively Participate in Incident Response / Business Continuity / DR Exercises

• Governance / Risk / Compliance

• Ensuring Adherence to Well-Architected Frameworks / Regulatory Requirements NIST / CIS / HIPPS / FedRAMP / SOCII)
• Support Audit / Compliance Initiatives

• Security Awareness / Mentorship - Educate / Mentor Engineering / Operations Teams on Secure Architecture Principles / Emerging Threats, Vaco by Highspring and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco by Highspring") respects your privacy and are committed to providing transparent notice of our policies.
• California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here.
• Virginia residents may access our state specific policies here.
• Residents of all other states may access our policies here.
• Canadian residents may access our policies in English here and in French here.
• Residents of countries governed by GDPR may access our policies here.

Pay Transparency Notice

Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:

• the individual's skill sets, experience and training;
• licensure and certification requirements;
• office location and other geographic considerations;
• other business and organizational needs.

With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.

• Security Certifications - Security+ CSSP / CISSP / AWS Certified Security Specialty / Azure Security Engineer
• Cloud Security Engineer (hands-on) (3+ years) - Multi-Cloud Platforms (Azure / AWS / GCP)
• Cloud-Native / Cloud Infrastructure Security (strong knowledge) - Cloud-Native Services / IAM / Encryption / Key Management / Network Security
• Hybrid Cloud / Hybrid Infrastructure Management - Working with OnPrem Infrastructure / SaaS-based Solutions
• Cloud-Native Security Operations / SecOps - SIEM/SOAR Technologies / CSOM / CWPP / IAM / PAM Solutions
• Network Security Tool Management / Configuration - Managing WAF / Firewall Configurations
• Effective Team Collaboration - Collaborating Across Infrastructure / Cloud Architects / Engineers, etc.

PREFERRED (not required)

• Security Tools / Platforms - CrowdStrike / Falcon Cloud / MDC (Defender for Cloud) / Sentinel / Qualys
• IaC Tools (familiarity) - Container Security / API Security
• Regulatory Frameworks / Security Standards - NIST / SOCII / FedRAMP / HIPPA / PCI-DSS
• DevOps Tooling - Azure DevOps / Veracode / GITHub
• Excellent Written / Verbal Communication Skills - Ability to Explain Complex Security Topics to Technical / Non-Technical Stakeholders