Cloud Security Architect – NY/NJ (Remote)

November 18, 2025

Job Description


**Job Title: Cloud Security Architect (IAM, AWS)**

**Location: NY/NJ (Remote)**

**Duration: Full-time**

**(“US citizens and Green Card Holders and those authorized to work in the US are encouraged to apply. We are unable to sponsor H1b candidates at this time.”)**

**A reasonable, good faith estimate of the minimum and maximum for this position is $160K/year to $220K/year with benefits**

Prefer Candidates from NY/NJ

Job Description:

We are seeking a highly skilled **AWS Security Architect** with deep expertise in **Identity and Access Management (IAM)** to design, implement, and govern secure cloud environments. The ideal candidate will define security architecture, enforce best practices, and ensure compliance across AWS services and workloads.

**Key Responsibilities:**

– Design and develop secure AWS architectures aligned with organizational security policies and compliance standards (e.g., ISO 27001, NIST, CIS, SOC2).
– Lead security design reviews and recommend improvements for new and existing cloud workloads.
– Design and implement AWS IAM policies, roles, and permission boundaries using the principle of least privilege.
– Manage and automate user provisioning, federation (SSO, SAML, OIDC), and identity lifecycle management.
– Implement and manage AWS Organizations, SCPs, and multi-account access governance.
– Integrate AWS CloudTrail, GuardDuty, Config, Security Hub, and Macie for continuous monitoring and compliance.
– Support incident response, vulnerability assessments, and remediation efforts in AWS environments.
– Develop and enforce cloud security baselines and access governance frameworks.
– Ensure alignment with compliance frameworks and regulatory requirements.
– Conduct periodic access reviews and security posture assessments.
– Partner with DevOps, Engineering, and Compliance teams to integrate security into CI/CD pipelines and cloud workflows.
– Mentor technical teams on AWS security best practices and secure coding principles.

**Required Skills & Qualifications:**

**Technical Expertise:**

– Strong experience in AWS IAM, AWS Organizations, KMS, STS, Cognito, and Secrets Manager.
– Deep understanding of cloud security architecture, network security, encryption, and key management.
– Experience with any of these tools: Okta, Ping Identity, Azure AD, AWS IAM, CyberArk.
– Proficiency with AWS CLI, Terraform/CloudFormation, and automation scripting (Python, Bash, etc.).
– Experience integrating SIEM/SOAR solutions (e.g., Splunk, Sentinel, or AWS Security Hub).
– 7+ years of experience in cybersecurity or cloud architecture, with at least 3+ years focused on AWS security.
– Demonstrated experience designing and implementing IAM frameworks and access control models in enterprise AWS environments.

**Certifications (preferred):**

– AWS Certified Security – Specialty
– AWS Certified Solutions Architect – Professional
– CISSP, CISM, or CCSP
