Cloud Security Architect

Tata Consultancy Services Limited
Irvine, United States of America
21 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
$ 140K

Job location

Irvine, United States of America

Tech stack

Java
.NET
Amazon Web Services (AWS)
Amazon Web Services (AWS)
Software System Penetration Testing
Burp Suite
Cloud Computing Security
Code Review
Computer Security
Computer Networks
Custom Software
Data Centers
Database Security
DevOps
Middleware
Oracle Exadata
Federated Identity Management
Identity and Access Management
Intrusion Detection Systems
Microsoft SQL Server
Windows Server
Network Segmentation
Oracle Applications
Role-Based Access Control
Red Hat Enterprise Linux - RHEL
Fortify (Software)
Zero Trust Network Access
Security Information and Event Management
Data Logging
HybridCloud
Information Technology
Nessus
Enterprise Integration
Checkmarx
Firewall Services Module
TIBCO (Software)
Qualys
Vulnerability Analysis

Job description

  • Lead cloud security architecture for the Data Center Exit migration to AWS EC2.

  • Design and implement AWS Landing Zone security including IAM guardrails, SCPs, and logging.

  • Conduct application and infra vulnerability assessments and define remediation plans.

  • Implement WAF rules, firewall policies, secure segmentation, and endpoint protection.

  • Validate authentication, authorization, and encryption models for all migrated workloads.

  • Support secure deployment practices, code reviews, and remediation of development gaps.

  • Integrate SIEM systems with AWS native security tools for continuous monitoring.

  • Define and enforce cloud security baselines aligned with CIS, NIST, and ISO controls.

  • Lead penetration testing cycles and coordinate mitigation activities.

  • Produce security HLD/LLD, risk assessments, and operational security runbooks.

Requirements

Do you have experience in Zero Trust security?, Do you have a Bachelor's degree?, Must Have Technical/Functional Skills

  • Strong expertise in AWS cloud security architecture including IAM, KMS, GuardDuty, and CloudTrail.

  • Deep understanding of AWS Landing Zone, SCPs, governance, and enterprise security guardrails.

  • Experience with security for custom applications including vulnerability identification and remediation.

  • Proficiency with VAPT tools such as Nessus, Qualys, Burp Suite, Fortify, and Checkmarx.

  • Strong understanding of WAF, firewall management, IDS/IPS, and network segmentation.

  • Knowledge of OS-level security for Windows Server 2016-2025 and RHEL 7/8/9.

  • Familiarity with securing Java, .NET, TIBCO ESB, and integration-heavy workloads.

  • Understanding of database security for Oracle 19c, Exadata on AWS, and SQL Server.

  • Ability to apply Zero Trust, least privilege, encryption, and secure-by-design principles.

  • Strong collaboration skills across infra, app, DB, network, and DevOps teams., * Hands-on experience designing secure AWS multi-account Landing Zones and guardrail policies.

  • Strong understanding of EC2 security, IAM, encryption, and identity federation models.

  • Integration knowledge for Oracle Exadata on AWS, SQL Server, and middleware security flows.

  • Experience with AWS WAF, Shield, GuardDuty, Security Hub, and detective controls.

  • Ability to design security for EKS workloads including pod/network policies and image scanning.

  • Understanding of security in hybrid cloud migrations and AWS migration tooling., Qualifications : BACHELOR OF COMPUTER SCIENCE

Apply for this position