Cloud Security Architect

VDart, Inc.
Bethesda, United States of America
4 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 160K

Job location

Remote
Bethesda, United States of America

Tech stack

Kubernetes Security
Amazon Web Services (AWS)
Amazon Web Services (AWS)
Amazon Web Services (AWS)
Audit Trail
Azure
Cloud Computing
Cloud Computing Security
Cloud Engineering
Computer Security
Computer Networks
Information Leak Prevention
DevOps
Identity and Access Management
Information Systems Security Architecture Professional
Network Segmentation
Role-Based Access Control
Cloud Services
Zero Trust Network Access
Data Logging
Google Cloud Platform
Data Classification
Software Security
Multi-Cloud
Amazon Web Services (AWS)
Containerization
Kubernetes
Information Technology
Route53
Firewall Services Module
Terraform

Job description

We are seeking an experienced Cloud Security Architect to lead the design and implementation of secure cloud infrastructure across our AWS-based environments. This role will focus on securing network boundaries, containerized workloads (such as Kubernetes and Amazon EKS), cloud-native data storage (e.g., S3), and overall cloud infrastructure components. You will serve as the security expert in cloud architecture projects, ensuring all designs align with best practices and compliance requirements. CANDIDATE PROFILE, * Designs and maintains secure architectures for cloud infrastructure in AWS, AliCloud, and any cloud Marriott operates in, defining security reference architectures and guardrails for services like VPC, subnets, security groups, and IAM roles.

  • Implements and validates network segmentation, ingress/egress controls, and virtual firewall configurations for cloud infrastructure components (EC2, ALB/NLB, Route 53, VPCs, Transit Gateways).
  • Secures containerized workloads in Amazon EKS or self-managed Kubernetes clusters, defining security controls including RBAC, network policies, pod security standards, and image scanning.
  • Collaborates with DevOps and platform teams to integrate security into CI/CD pipelines and container registries.
  • Ensures secure configuration of cloud-native storage solutions (S3, EBS, EFS), implementing encryption, logging, access control, and data classification.
  • Evaluates and enforces policies around public access, bucket-level permissions, and data loss prevention for cloud-stored data.
  • Ensures cloud solutions comply with internal policies and external regulatory requirements (ISO 27001, SOC 2, HIPAA, GDPR).
  • Contributes to threat modeling, risk assessments, and architecture review processes for new and existing workloads.
  • Defines and implements logging and monitoring strategies using CloudTrail, GuardDuty, Security Hub, and container-level telemetry.
  • Collaborates with Security Operations and Incident Response teams on alerts and forensic readiness.
  • Conducts security and privacy technology research, assessments, and integration processes; provides and supports prototype capabilities.
  • Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards.
  • Provides sound advice and recommendations to leadership and staff on cloud security topics, translating technical security risks into business impact.
  • Manages and measures information security implications within the organization, including strategic planning, risk management, and security awareness.

Requirements

  • Bachelor's or Master's degree in Computer Science, Information Security, or related field, or equivalent professional experience.
  • 7+ years of experience in cybersecurity with at least 3+ years focused on cloud security in AWS.
  • Hands-on expertise in AWS services (VPC, EC2, EKS, S3, IAM, CloudTrail, KMS, GuardDuty), Kubernetes security, and Infrastructure-as-Code security (Terraform).

Preferred

  • Cloud Security Certifications: AWS Certified Security Specialty, AWS Certified Solutions Architect, Certified Kubernetes Security Specialist (CKS), CISSP, or GCSA.
  • Multi-Cloud Security Experience: Experience securing workloads across AWS, Azure, and GCP with understanding of platform-specific security implications.
  • Zero Trust Architecture: Familiarity with Zero Trust principles, identity-aware access policies, microsegmentation strategies, and secure service-to-service communication.

Benefits & conditions

  • $70.00-77.00 per hour Join a leading digital health technology company''s engineering team to help build and secure the cloud infrastructure behind software that connects hospitals, clinicians, and pati…

  • 11 days ago

About the company

Vantor + Springfield, VA + $137,000-200,200 per year Vantor is forging the new frontier of spatial intelligence, helping decision makers and operators navigate what's happening now and shape what's coming next. Vantor is a place for …

Apply for this position