Senior Security Architect

Summary

Join Trace3 as a Sr. Cloud Security Architect, a Subject Matter Expert (SME) supporting account management teams throughout the pre- and post-sales lifecycle to drive cloud security solution adoption. Partner with sales, customer success, and delivery teams to shape secure, scalable architectures across AWS, Azure, GCP, and private cloud stacks. Lead technical discovery sessions, client workshops, and executive briefings, offering deep expertise in Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and Cloud Infrastructure Entitlement Management (CIEM). Articulate risk, design security architectures, perform technical assessments, and position solutions in competitive pre-sales environments. Provide technical leadership in cloud architecture design, automation, threat modeling, and remediation guidance. Support proposal development, RFP responses, and account team and delivery partner enablement. This role requires strong collaboration and communication skills to work effectively with various teams and stakeholders.

Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field – or equivalent professional experience
• 7+ years of hands-on experience in cloud security, cloud architecture, or security engineering roles
• Deep expertise in AWS, Azure, and/or GCP security models, native controls, identity frameworks, and architectural best practices
• Proven track record conducting cloud security risk assessments, architecture reviews, and technical remediation planning
• Experience implementing or evaluating cloud security platforms such as Wiz, Orca, Sysdig, Prisma Cloud, Lacework, AWS Security Hub, Azure Security Center, or GCP Security Command Center
• Working knowledge of cloud security compliance standards and frameworks (e.g., CIS Benchmarks, NIST 800-53, NIST 800-190, SOC 2, ISO 27001, PCI-DSS)
• Proven success collaborating within cross-functional teams including sales, engineering, DevOps, compliance, customer success, professional service delivery, and operations
• Adaptability in fast-paced, dynamic environments with shifting priorities and the demands of multiple stakeholders
• Experience mentoring peers or leading internal knowledge-sharing initiatives to raise overall cloud security maturity across teams
• Proficiency in CNAPP platforms (e.g., Wiz, Sysdig, Orca) and their application in pre-sales solutioning and client demonstrations
• Strong skills in cloud IAM hardening, secure network design, encryption strategies, and centralized logging and monitoring architectures
• Hands-on experience building and securing infrastructure using IaC tools (Terraform, CloudFormation, Pulumi) and enforcing policy-as-code (OPA/Rego)
• Ability to assess and communicate risks related to misconfigurations, over-permissioned roles, and exposed services across multi-cloud environments
• Experience with container and Kubernetes security, including workload protection, RBAC, image scanning, and runtime controls
• Excellent communication and presentation skills with the ability to translate technical findings into strategic, business-aligned recommendations for both technical and executive stakeholders

Responsibilities

• Serve as the pre-sales Subject Matter Expert (SME) for cloud security, providing architectural leadership across AWS, Azure, and GCP. Public cloud knowledge beyond the big three (OCP, IBM, etc.) and private cloud knowledge of solutions such as VMWare, OpenShift & OpenStack are all a plus
• Design and articulate secure multi-cloud architectures aligned with customer goals, risk posture, and compliance requirements
• Lead security posture assessments using established frameworks (CIS Benchmarks, NIST 800-190, CSA CCM, OWASP SAMM) to uncover strategic remediation and customer program development opportunities
• Guide the secure configuration and hardening of IaaS, PaaS, and SaaS environments with emphasis on least privilege, secure networking, and workload protection
• Collaborate with DevOps and platform engineering teams to embed security into CI/CD pipelines and infrastructure as code
• Lead technical discovery efforts and workshops to evaluate IAM, data protection (DSPM, DLP), encryption, and cloud-native compute and network controls
• Conduct cloud attack surface assessments across containerized apps, serverless functions, and managed services to identify and communicate risk
• Support pre-sales threat modeling efforts, helping clients visualize and mitigate risks in proposed or existing cloud architectures
• Evaluate and position CSPM, CWPP, and CIEM solutions (e.g., Wiz, Prisma Cloud, Orca, Microsoft Defender for Cloud) in alignment with client needs
• Advise on real-time cloud detection and response strategies using SIEMs, XDR/XSIAM, and native CSP tools (e.g., GuardDuty, Azure Sentinel)
• Architect automated security workflows using IaC (Terraform, Pulumi, CloudFormation) and policy-as-code (OPA/Rego) to enforce guardrails and accelerate remediation
• Integrate cloud security telemetry with existing SOC pipelines, enhancing detection coverage and threat correlation
• Develop and support cloud-specific incident response strategies, covering threats like identity compromise, container breakout, and API abuse
• Act as the technical lead and SME during pre-sales engagements, supporting solution scoping, client presentations, and proposal development
• Partner with account teams to align cloud security strategies with business priorities and regulatory requirements (PCI, HIPAA, FedRAMP, etc.)
• Deliver internal enablement sessions and develop reusable assets (e.g., reference architectures, RFP content, service briefs) to support scalable pre-sales execution
• Engage directly with client executives, architects, and engineers to instill confidence in proposed cloud security solutions and services
• Partner with external delivery teams to align proposal objectives with delivery capabilities, focusing on success criteria for all three involved parties – End Customer, Trace3 & Partner delivery organization

Preferred Qualifications

• AWS Certified Solutions Architect Professional, DevOps Engineer Professional, Security Specialty
• Microsoft Azure Security Engineer, Administrator Associate; Solutions Architect and DevOps Engineer Expert
• GCP Cloud Architect, Security Engineer, DevOps Engineer, Network Engineer
• CISSP

Benefits

• Comprehensive medical, dental and vision plans for you and your dependents
• 401(k) Retirement Plan with Employer Match, 529 College Savings Plan, Health Savings Account, Life Insurance, and Long-Term Disability
• Competitive Compensation
• Training and development programs
• Stocked kitchen with snacks and beverages
• Collaborative and cool culture
• Work-life balance and generous paid time off