Role Overview: As the Lead Security Architect for AWS and Rego Policies, you will be responsible for architecting, implementing, and enforcing security best practices across our AWS cloud infrastructure. You will play a pivotal role in shaping the security governance and policy enforcement strategy using Rego-based policies and other AWS security tools. This role requires a blend of deep technical expertise in cloud security, strong leadership skills, and the ability to collaborate across teams to ensure the highest standards of security in our cloud environments.
Key Responsibilities:
Cloud Security Architecture:
Lead the design and implementation of secure, scalable, and resilient cloud architectures in AWS.
Define and enforce security policies for cloud environments, ensuring that AWS services are configured in alignment with best practices (e.g., the AWS Well-Architected Framework).
Develop and maintain security architectures and frameworks for cloud-native applications, infrastructure as code (IaC), and containerized environments.
Rego Policy Development & Implementation:
Develop, deploy, and manage Rego policies (Open Policy Agent) to enforce security, compliance, and operational governance across cloud resources.
Integrate Rego policies with AWS services and CI/CD pipelines for automated policy enforcement and security monitoring.
Ensure policies are easily maintainable, scalable, and adaptable to evolving business and security needs.
Security Automation & Governance:
Drive the implementation of security automation initiatives in AWS using Infrastructure as Code (IaC), AWS CloudFormation, Terraform, and other automation frameworks.
Develop and maintain custom security controls and compliance policies to ensure continuous monitoring and adherence to security standards.
Perform security assessments and audits, recommending changes as needed to achieve a compliant and secure environment.
Collaboration & Leadership:
Lead and mentor a team of security architects and engineers, providing guidance on cloud security best practices and tools.
Collaborate closely with DevOps, engineering, and infrastructure teams to implement secure cloud solutions.
Work with product and compliance teams to ensure alignment with regulatory requirements and security best practices.
Incident Response & Risk Management:
Respond to security incidents and lead the efforts to investigate, mitigate, and remediate security issues in cloud environments.
Identify and manage security risks, ensuring effective risk management strategies are in place for AWS workloads.
Stay current with the latest security trends, emerging threats, and advancements in AWS security technologies.
Continuous Improvement:
Stay up to date with AWS security services, new features, and best practices to continuously improve the security posture of the organization.
Promote a security-first mindset within the organization, helping to build a culture of security across the engineering and operations teams.
Qualifications:
Experience:
8+ years of experience in information security, with at least 4 years in cloud security architecture, specifically in AWS.
Strong hands-on experience with AWS services (e.g., EC2, S3, IAM, Lambda, KMS, VPC, GuardDuty, etc.).
Proven expertise in implementing Rego policies using Open Policy Agent (OPA) and integrating them into cloud environments.
Solid experience with Infrastructure as Code (IaC) tools such as Terraform, AWS CloudFormation, or similar.
Experience in security automation, continuous integration/continuous deployment (CI/CD) pipelines, and security tooling in cloud environments.
Skills & Knowledge:
In-depth knowledge of AWS security best practices, compliance frameworks (e.g., CIS AWS Foundations, NIST, SOC2), and security monitoring tools.
Familiarity with containerization and orchestration technologies such as Docker and Kubernetes, and securing these environments.
Proficiency in scripting languages (e.g., Python, Shell, Go, or similar).
Experience with identity and access management (IAM), encryption technologies, network security, and cloud threat detection.
Certifications (Preferred but not required):
AWS Certified Security – Specialty
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Certified Kubernetes Security Specialist (CKS)
Personal Attributes:
Strong analytical and problem-solving skills, with a proactive approach to addressing security challenges.
Ability to lead and mentor teams, fostering collaboration across cross-functional groups.
Excellent communication skills, with the ability to explain complex security concepts to both technical and non-technical stakeholders.
Passion for continuous learning and staying ahead of emerging threats in the cloud security space.
The latest news, articles, and resources, sent to your inbox weekly.
Cloud IT Security SpecialistCentral London - Contract - £650-£775 per day inside IR35Background:We're seeking an accomplished Cloud IT Security Specialist to join our exceptional client, working in a secure on-site environment to drive major business, process and technical transformation across their complex organisation. This role will require you to undergo...
London
Join a digital first bank that’s powered by people.Our technology team builds innovative digital solutions rapidly and at scale to deliver the next generation of banking services for our customers around the world.You’ll have an impact on bringing digital-first banking to our customers by defining the future state architecture vision...
HSBC Global Services Limited Edinburgh
Currently looking for a Security Architect to join one of my consultancy clients. The role is initially 6 months with an option to extend. It's outside IR35 and can be worked remotely with occasional trips to Canary Wharf. Rate wise, we're looking at £550-£700 per day (outside IR35).Background required:Review the...
Lime Street
We are partnered with a reputable global consultancy that is looking for a Security Architect to work on a very exciting LONG-TERM PROJECT in the energy sector.Role: Security ArchitectLocation: Reading Area – Hybrid – 2/3 days per weekDuration: 6 months (initially – view to extend)Role Description:Lead the design and implementation...
Reading
We’re looking for a Security Architect responsible for creating, maintaining, and enforcing the frameworks, processes, and technical designs that safeguard N Brown’s data, systems, and overall digital ecosystem. You’ll serve as the primary bridge between business priorities and needs, ensuring that all technology initiatives are aligned with robust principles. You’ll...
Manchester
DescriptionAt Ness Digital Engineering, we enable global enterprises to achieve their digital transformation goals through innovative IT consulting. As part of our Cloud and Data practice, we deliver strategic guidance and cutting-edge solutions in cloud mobility, software modernization, and automation.We are a team of problem-solvers, architects, and strategists who thrive...
Ness Digital Engineering London
