Cloud Network Security Architect - AWS / Zero Trust

Capgemini
Atlanta, United States of America
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 215K

Job location

Atlanta, United States of America

Tech stack

Access Network
Amazon Web Services (AWS)
Azure
Border Gateway Protocol
Cloud Computing
Cloud Computing Security
Cloud Engineering
Computer Security
Continuous Integration
Network Address Translation
DNS
Internet Protocol Security (IPsec)
Intrusion Detection Systems
IP Routing
Subnetting
Information Systems Security Architecture Professional
Network Security
Network Architecture
Wireless Security
Routing
Network Segmentation
Peering
Ansible
Zero Trust Network Access
Security Information and Event Management
Data Streaming
Systems Integration
TCP/IP
Cloud-native Network Functions (CNF)
Transport Layer Security
Load Balancing
Multi-Cloud
Firewalls (Computer Science)
CloudFormation
Firewall Services Module
Terraform
DDoS
Virtual Private Clouds
DevSecOps

Job description

The Cloud Network Security Architect is responsible for designing, implementing, and governing secure cloud network architectures across hybrid and multi-cloud environments. This role ensures the confidentiality, integrity, and availability of enterprise systems by defining security-by-design network frameworks aligned with business, compliance, and risk management objectives.

  • Enterprise Zero Trust Network Architect: implement Zero Trust network architecture, including segmentation, least-privilege access, and consistent policy enforcement across users, workloads, and services in hybrid environments.
  • Network Security Design: Design and validate secure on-prem and cloud networking patterns (VPC/VNet, subnets, routing, TGW/peering, ingress/egress) using cloud-native controls and enterprise platforms.
  • Cross-Functional Requirements & Architecture Translation: Partner with application/platform/infrastructure teams to capture connectivity and security requirements (ports/protocols, data flows, trust boundaries) and translate them into actionable security architectures.
  • Firewall & Segmentation Strategy Owner: Define and standardize firewall policies and segmentation models, providing clear guidance on use of Palo Alto/Prisma vs. cloud-native mechanisms (SG/NSG, NACLs, route controls).
  • Architecture Governance & Adoption: Lead design reviews, threat modeling, and exception handling; produce and maintain standards, reference designs, and architecture decision records to drive secure-by-design outcomes.
  • Operational Enablement & Continuous Improvement: Collaborate with perimeter defense/SecOps to streamline rule discovery, risk review, approvals, and deployments (including automation); support troubleshooting and optimization for performance and resiliency.

Requirements

Do you have experience in Virtual Private Clouds?

  • 10+ years of experience in network and security architecture, with strong focus on cloud platforms.
  • Deep expertise in cloud networking concepts: routing, DNS, load balancing, NAT, private connectivity, and network segmentation.
  • Hands-on experience securing AWS and/or Azure networking services (VPC/VNet, Gateway, Firewall, Private Link, NSGs, Route Tables).
  • Strong understanding of network security technologies: firewalls, WAF, IDS/IPS, DDoS, proxy, and micro-segmentation.
  • Experience implementing zero-trust and identity-centric network access models.
  • Proficiency with Infrastructure as Code and automation tools (Terraform, Ansible, CloudFormation).
  • Solid understanding of TCP/IP, BGP, IPSec, TLS, and network encryption mechanisms.
  • Experience working in regulated and compliance-driven environments.
  • Cloud certifications (AWS Certified Security - Specialty, Azure Security Engineer, CCSP).
  • Experience with multi-cloud or large-scale cloud migration programs.
  • Knowledge of SASE, CASB, and secure access service edge architectures.
  • Familiarity with SIEM/SOAR and security monitoring integrations.
  • Experience supporting DevSecOps and CI/CD security integration.

Benefits & conditions

  • 401(k)
  • Health insurance
  • Paid time off
  • Vision insurance
  • Dental insurance
  • Employee assistance program
  • Disability insurance

The base compensation range for this role in the posted location is: $94,248 - $215,050.

Capgemini provides compensation range information in accordance with applicable national, state, provincial, and local pay transparency laws. The base compensation range listed for this position reflects the minimum and maximum target compensation Capgemini, in good faith, believes it may pay for the role at the time of this posting. This range may be subject to change as permitted by law.

The actual compensation offered to any candidate may fall outside of the posted range and will be determined based on multiple factors legally permitted in the applicable jurisdiction.

These may include, but are not limited to: Geographic location, Education and qualifications, Certifications and licenses, Relevant experience and skills, Seniority and performance, Market and business consideration, Internal pay equity.

It is not typical for candidates to be hired at or near the top of the posted compensation range.

In addition to base salary, this role may be eligible for additional compensation such as variable incentives, bonuses, or commissions, depending on the position and applicable laws.

Capgemini offers a comprehensive, non-negotiable benefits package to all regular, full-time employees. In the U.S. and Canada, available benefits are determined by local policy and eligibility and may include:

  • Paid time off based on employee grade (A-F), defined by policy: Vacation: 12-25 days, depending on grade, Company paid holidays, Personal Days, Sick Leave

  • Medical, dental, and vision coverage (or provincial healthcare coordination in Canada)

  • Retirement savings plans (e.g., 401(k) in the U.S., RRSP in Canada)

  • Life and disability insurance

  • Employee assistance programs

  • Other benefits as provided by local policy and eligibility

Important Notice: Compensation (including bonuses, commissions, or other forms of incentive pay) is not considered earned, vested, or payable until it becomes due under the terms of applicable plans or agreements and is subject to Capgemini's discretion, consistent with applicable laws. The Company reserves the right to amend or withdraw compensation programs at any time, within the limits of applicable legislation.

About the company

Capgemini is one of the world's leading providers of management and IT consulting, technology services and digital transformation. As a pioneer of innovation, the company supports its clients with their complex challenges around cloud, digital and platforms.
