Cloud Security Architect || Remote || GC & USC


nikhil tiwari

Jun 9, 2025, 10:30:14 AM
to nik...@rconsultinginc.com


Title: Cloud Security Architect
Duration: 6+ Months
Location: Remote


MUST be strong in all 3 Cloud Platforms (AWS, Azure, GCP). GCP experience must be super strong.

JOB:
We are seeking an experienced Multi-Cloud Security Architect for a 6-month contract engagement to enhance the security posture of our multi-cloud environments across AWS, Azure, and Google Cloud Platform (GCP). This is a hands-on technical role requiring a seasoned professional who can work closely with internal teams to assess, remediate, and implement comprehensive cloud security controls while providing strategic guidance on overall multi-cloud architecture design.
Key Responsibilities
Identity and Access Management (IAM) Cleanup and Centralization
• Identify and remove shared accounts, orphaned accounts, and overly permissive roles across all cloud platforms
• Ensure service accounts are properly scoped and used only for intended automation use cases
• Implement and document RBAC and least privilege access controls across AWS, Azure, and GCP
• Review and improve identity federation, ensuring centralization via SSO or identity provider
• Implement or enhance provisioning and deprovisioning workflows, including automation
• Restrict permissions to deploy or manage infrastructure to authorized personas only
Perimeter Security and WAF Deployment
• Assess all internet-facing resources and APIs across AWS, Azure, and GCP
• Deploy or enhance Web Application Firewalls (WAF) in front of API gateways and public-facing endpoints
• Implement compensating controls and monitoring for workloads that bypass centralized firewalls
• Provide a comprehensive plan to maintain visibility and control over ingress traffic, including logging and alerting
Security Group and Network Access Control Standardization
• Audit the current use of security groups, NSGs, and firewall rules across each platform
• Define and deploy consistent security group rules based on workload types and zones (web tier, app tier, data tier)
• Remove unused or risky rules (overly permissive 0.0.0.0/0 inbound access)
• Work with stakeholders to ensure changes are implemented safely without service disruption
Cloud Security Architecture and Automation
• Design and implement secure cloud infrastructure configurations, including network segmentation, access controls, and account architecture
• Apply well-architected security principles and automation improvements across AWS, Azure, and GCP
• Implement Infrastructure as Code automation using Terraform (and optionally Snyk) for security controls, compliance, and monitoring
• Deploy and manage native security tools across all platforms for monitoring, alerting, and incident response
• Document all changes, findings, and architectural decisions; provide recommendations for long-term improvements and automation opportunities
Documentation and Strategic Guidance
• Align with internal security and cloud teams on implementation strategies
• Provide consultation on the overall multi-cloud architecture design
• Deliver comprehensive documentation, playbooks, and knowledge transfer materials
Required Qualifications
Technical Expertise
• 7+ years of experience in cloud security architecture and implementation
• Expert-level knowledge of GCP, AWS, and Azure security services and best practices
• Strong experience with Identity and Access Management (IAM) across multiple cloud platforms
• Proven experience with Web Application Firewall (WAF) deployment and configuration
• Deep understanding of network security controls, security groups, NSGs, and firewall rules
• Experience with Infrastructure as Code (Terraform, ARM templates, Cloud Deployment Manager)
• Hands-on experience with native security tools:
  ◦ AWS: IAM, GuardDuty, Security Hub, Config, CloudTrail, WAF, Shield, Secrets Manager
  ◦ Azure: Entra ID (Azure AD), Sentinel, Defender for Cloud, Key Vault, Firewall, Monitor, Policy
  ◦ GCP: Security Command Center, Cloud IAM, Cloud Armor, VPC Firewall Rules, Cloud Operations Suite
Additional Requirements
• Experience with security frameworks and standards (NIST, CIS, ISO 27001, SOC 2, PCI DSS)
• Strong understanding of DevSecOps methodologies and secure SDLC practices
• Experience with SIEM integration and security monitoring tools
• Excellent documentation and communication skills
• Ability to work independently in a fast-paced environment
• Strong problem-solving and analytical abilities
Additional Experience
• Experience with multi-cloud management tools and platforms
• Background in enterprise architecture and governance
• Experience with compliance frameworks (CIS, PCI DSS)
• Knowledge of threat modeling and risk assessment methodologies
• Experience with penetration testing and vulnerability management
• Nice to have: Experience with Terraform and Snyk for automation and security testing
Key Expectations
• Hands-on implementation – not just advisory role
• Collaborative approach – work closely with internal security and cloud teams
• Comprehensive documentation – all changes, findings, and decisions must be documented
• Strategic thinking – provide long-term recommendations and automation opportunities
• Stakeholder management – effectively communicate with technical and non-technical teams.
Certifications
• AWS Certified Security - Specialty
• Azure Security Engineer Associate
• Google Cloud Professional Cloud Security Engineer
• Certified Cloud Security Professional (CCSP)
• Certified Information Systems Security Professional (CISSP)
• Cloud Security Alliance certifications (CCSK)
