Cloud Security Architect - St. Louis, MO
Role details
Job location
Tech stack
Job description
We are looking for a Cloud Security Architect to serve as the embedded security authority within our software engineering team. This is a hands-on technical role - not a compliance or audit seat. We're looking for someone who has built and hardened real cloud infrastructure, understands how engineers think, and can help us make security decisions that are pragmatic and grounded in how our systems work.
You'll own our security posture across Azure, Kubernetes, and our infrastructure-as-code practices, while also serving as the go-to resource for engineers working through security challenges day to day. If you've come up through DevOps or platform engineering and grown into security ownership, this role was written for you. A Day In The Life
Every day at Hubbell is different and you'll contribute in many ways. On any given day, you'll make a difference by:
Security Best Practices & Architecture Guidance
- Define and champion security best practices across our software solutions and development lifecycle, with a focus on our Azure-hosted infrastructure.
- Review Terraform configurations and infrastructure-as-code changes to identify security misconfigurations and ensure alignment with policy and compliance requirements.
- Establish and maintain security standards for our Kubernetes environments (AKS and EKS), including RBAC policies, network segmentation, secrets management, and container security.
- Review architecture and design decisions to identify and mitigate security risks early.
- Develop and maintain security guidelines, standards, and reference architectures for the engineering team.
Security Advisory & Decision Support
- Act as the in-house security expert - available to help the team make well-informed, security-conscious decisions.
- Evaluate third-party tools, vendors, and integrations from a security perspective.
- Provide guidance on threat modeling, risk assessment, and security trade-offs.
Compliance & Standards Ownership
- Own and maintain our compliance posture in alignment with the standards and frameworks established by our external cybersecurity team.
- Participate in SOC 2 audit activities, including control execution, evidence collection, and direct engagement with auditors when needed.
- Proactively identify compliance gaps and drive remediation efforts in partnership with engineering leads.
- Serve as the primary liaison between the software team and the external cybersecurity organization.
RFP & Security Questionnaire Response
- Lead the completion of security questionnaires as part of the RFP and sales process.
- Maintain accurate, up-to-date documentation of our security posture to streamline future questionnaire responses.
Requirements
- 8+ years in a DevOps, platform engineering, or cloud infrastructure role with meaningful security ownership - or an equivalent blend of engineering and security experience.
- Hands-on experience securing Azure environments, including Azure AD/Entra ID, IAM, and network security controls.
- Experience reviewing and hardening Terraform and other infrastructure-as-code for security misconfigurations and policy compliance.
- Working knowledge of Kubernetes security in managed environments (AKS and/or EKS), including RBAC, network policies, secrets management, and container image scanning.
- Participated in at least one SOC 2 audit cycle - familiar with control mapping, evidence collection, and working with auditors.
- Comfortable translating technical security posture into RFP questionnaire responses and compliance documentation.
- Proven ability to communicate with engineers at a peer level and with non-technical stakeholders without losing either audience.
- Bachelor's degree in computer science, engineering, or a related field.
Preferred
- Background in DevSecOps - integrating security tooling (Checkov, Mend, Checkmarx, or other SCA/SAST/DAST tooling) into CI/CD pipelines.
- Familiarity with AKS security controls, including Azure Policy for Kubernetes, Defender for Containers, and container image scanning via ACR
- AZ-500 (Microsoft Azure Security Engineer) or similar cloud-focused certification.
- Exposure to AWS security controls in addition to Azure.
- Familiarity with threat modeling and secure design review processes.