Cloud Security Architect

Summary

Join GuidePoint Security as a Cloud Security Architect to lead the design, assessment, and governance of secure cloud environments for clients. You will deliver security consulting engagements, including architecture design, risk assessments, and cloud-native control implementation. The ideal candidate possesses technical AWS and multi-cloud expertise, strong client advisory skills, and experience mentoring junior staff. This role involves contributing to internal methodologies and supporting pre-sales efforts. You will help organizations enhance their security posture, implement scalable guardrails, and adopt modern DevSecOps and CNAPP practices. GuidePoint offers a fast-growing consultancy environment.

Requirements

• Minimum of 5 years of designing AWS architecture and operating AWS workloads in medium to large AWS environments
• AWS knowledge must include networking, data security, identity and access management, and automation, and extensive hands-on with Amazon’s cloud-native security tooling services
• Strong knowledge of IAM patterns (RBAC, ABAC), federated access, permission boundaries, SCPs, and RCPs
• Proficiency in Infrastructure as Code (Terraform, CloudFormation) and secure coding practices
• Experience with CIEM, CSPM, or CWPP tools
• Skilled in threat modeling, risk analysis, and mapping controls to frameworks (e.g., NIST, CIS, MITRE ATT&CK)
• Development knowledge or experience with Infrastructure as Code (IaC), such as Terraform, CloudFormation, or CDK
• Working knowledge with the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM)
• Familiarity with DevSecOps practices and integrating security into CI/CD pipelines
• Scripting or automation skills (e.g., Python, Bash, or PowerShell)
• Bachelor’s or equivalent experience in Cybersecurity, Computer Science, Engineering, or related field

Responsibilities

• Design secure cloud architectures and reference models for AWS and multi-cloud environments
• Conduct in-depth cloud security assessments to identify security misconfigurations, architecture and cloud operations risks, and compliance gaps
• Advise clients on AWS identity and access management strategies including IAM roles, policies, federation, and ABAC/RBAC models
• Develop and implement cloud governance strategies including tagging taxonomies, policy enforcement with SCPs, RCPs, DPs, and Policy as Code patterns
• Perform threat modeling and risk assessments for cloud-native applications and workloads
• Guide secure implementation of Infrastructure as Code with Terraform, CloudFormation, and AWS CDK
• Integrate security controls into client CI/CD pipelines and DevOps workflows
• Understanding of CNAPP (CSPM, CIEM, and CWPP) tooling and how it may supplement and/or replace cloud-native solutions
• Work with internal pre-sales teams in identifying use-cases and opportunities for third-party security tooling (e.g., CNAPP, Secrets Management, data security, cloud detection and response, NHI, etc.)
• Map cloud security controls to regulatory frameworks like PCI, SOC 2, HITRUST, NIST, ISO 27001, etc
• Assist clients with continuous compliance and audit readiness in cloud environments
• Prepare and present client deliverables such as security roadmaps, process improvements, gap analyses, architecture diagrams, cloud security strategies, and custom deliverables based on the needs of the client
• Lead AWS security workshops, technical interviews, and stakeholder briefings
• Contribute to internal methodologies, templates, and reusable assessment frameworks
• Mentor junior consultants and support knowledge sharing within the consultancy
• Assist with scoping and pre-sales activities including proposals and statements of work (SOWs)

Preferred Qualifications

• Ability to lead technical workshops, discovery sessions, and architecture reviews with clients
• Comfortable advising both technical and non-technical stakeholders on cloud security strategy
• Skilled in producing high-quality deliverables and communicating complex concepts clearly
• Experience mentoring junior staff or guiding cross-functional teams on cloud security best practices
• Collaborative mindset with a strong consulting presence and client service orientation
• Preferred certifications: CISSP, CCSP, CCSK
• AWS Cloud certifications: AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional
• Other CSP Certifications: Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer
• Ongoing commitment to professional development and staying current with cloud and security trends and certifications

Benefits

• Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
• Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family) and GPS will contribute in one lump sum: ($500 per EE annually / $1000 per family annually (includes spouse/children/family options)
• Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
• 12 corporate holidays and a Flexible Time Off (FTO) program
• Healthy mobile phone and home internet allowance
• Eligibility for retirement plan after 2 months at open enrollment
• Pet Benefit Option