Role Overview: As the Lead Security Architect for AWS and Rego Policies, you will be responsible for architecting, implementing, and enforcing security best practices across our AWS cloud infrastructure. You will play a pivotal role in shaping the security governance and policy enforcement strategy using Rego-based policies and other AWS security tools. This role requires a blend of deep technical expertise in cloud security, strong leadership skills, and the ability to collaborate across teams to ensure the highest standards of security in our cloud environments.
Key Responsibilities:
Cloud Security Architecture:
Lead the design and implementation of secure, scalable, and resilient cloud architectures in AWS.
Define and enforce security policies for cloud environments, ensuring that AWS services are configured in alignment with best practices (e.g., the AWS Well-Architected Framework).
Develop and maintain security architectures and frameworks for cloud-native applications, infrastructure as code (IaC), and containerized environments.
Rego Policy Development & Implementation:
Develop, deploy, and manage Rego policies (Open Policy Agent) to enforce security, compliance, and operational governance across cloud resources.
Integrate Rego policies with AWS services and CI/CD pipelines for automated policy enforcement and security monitoring.
Ensure policies are easily maintainable, scalable, and adaptable to evolving business and security needs.
Security Automation & Governance:
Drive the implementation of security automation initiatives in AWS using Infrastructure as Code (IaC), AWS CloudFormation, Terraform, and other automation frameworks.
Develop and maintain custom security controls and compliance policies to ensure continuous monitoring and adherence to security standards.
Perform security assessments and audits, recommending changes as needed to achieve a compliant and secure environment.
Collaboration & Leadership:
Lead and mentor a team of security architects and engineers, providing guidance on cloud security best practices and tools.
Collaborate closely with DevOps, engineering, and infrastructure teams to implement secure cloud solutions.
Work with product and compliance teams to ensure alignment with regulatory requirements and security best practices.
Incident Response & Risk Management:
Respond to security incidents and lead the efforts to investigate, mitigate, and remediate security issues in cloud environments.
Identify and manage security risks, ensuring effective risk management strategies are in place for AWS workloads.
Stay current with the latest security trends, emerging threats, and advancements in AWS security technologies.
Continuous Improvement:
Stay up to date with AWS security services, new features, and best practices to continuously improve the security posture of the organization.
Promote a security-first mindset within the organization, helping to build a culture of security across the engineering and operations teams.
Qualifications:
Experience:
8+ years of experience in information security, with at least 4 years in cloud security architecture, specifically in AWS.
Strong hands-on experience with AWS services (e.g., EC2, S3, IAM, Lambda, KMS, VPC, GuardDuty, etc.).
Proven expertise in implementing Rego policies using Open Policy Agent (OPA) and integrating them into cloud environments.
Solid experience with Infrastructure as Code (IaC) tools such as Terraform, AWS CloudFormation, or similar.
Experience in security automation, continuous integration/continuous deployment (CI/CD) pipelines, and security tooling in cloud environments.
Skills & Knowledge:
In-depth knowledge of AWS security best practices, compliance frameworks (e.g., CIS AWS Foundations, NIST, SOC2), and security monitoring tools.
Familiarity with containerization and orchestration technologies such as Docker and Kubernetes, and securing these environments.
Proficiency in scripting languages (e.g., Python, Shell, Go, or similar).
Experience with identity and access management (IAM), encryption technologies, network security, and cloud threat detection.
Certifications (Preferred but not required):
AWS Certified Security – Specialty
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Certified Kubernetes Security Specialist (CKS)
Personal Attributes:
Strong analytical and problem-solving skills, with a proactive approach to addressing security challenges.
Ability to lead and mentor teams, fostering collaboration across cross-functional groups.
Excellent communication skills, with the ability to explain complex security concepts to both technical and non-technical stakeholders.
Passion for continuous learning and staying ahead of emerging threats in the cloud security space.