Cloud Security Architect - AWS

DATAECONOMY is one of the fastest-growing Data & Analytics company with global presence. We are well-differentiated and are known for our Thought leadership, out-of-the-box products, cutting-edge solutions, accelerators, innovative use cases, and cost-effective service offerings.

We offer products and solutions in Cloud, Data Engineering, Data Governance, AI/ML, DevOps and Blockchain to large corporates across the globe. Strategic Partners with AWS, Collibra, cloudera, neo4j, DataRobot, Global IDs, tableau, MuleSoft and Talend.

AWS Cloud Security Architect

Boston, MA / Hybrid

Full-time

Role Summary

We are looking for an experienced AWS Cloud Security Architect with strong hands-on expertise in Open Policy Agent (OPA)to design, implement, and govern security controls across our cloud platforms. You will be responsible for defining security architecture, codifying policies as code, and partnering with engineering teams to embed security into our CI/CD pipelines and cloud-native applications.

Key Responsibilities

Cloud Security Architecture

• Design and own end-to-end security architecture on AWS, ensuring alignment with best practices and industry standards (CIS, NIST, ISO 27001, etc.).
  

• Define and maintain secure reference architectures for VPC, network segmentation, IAM, encryption, logging, and monitoring.
  

• Evaluate and recommend AWS native security services (e.g., IAM, KMS, Security Hub, GuardDuty, WAF, Shield, Macie, Config) and third-party tools.
  

Policy-as-Code / OPA

• Design and implement policy-as-code solutions using Open Policy Agent (OPA) and Rego for:
  

• Kubernetes admission control (e.g., Gatekeeper)
  

• API authorization
  

• CI/CD checks (e.g., Terraform plan validation, image scanning gates)
  

• Define reusable policy libraries and guardrails to enforce security, compliance, and governance across environments.
  

• Integrate OPA with developer workflows and pipelines, enabling shift-left security with automated policy checks.
  

• Work closely with platform and DevOps teams to ensure OPA policies are scalable, testable, and observable.
  

Cloud Governance & Compliance

• Establish and maintain cloud security standards, baselines, and guidelines for AWS accounts, workloads, and data.
  

• Work with Compliance / Risk teams to map OPA and AWS controls to regulatory requirements (e.g., GDPR, SOC 2, PCI-DSS as applicable).
  

• Drive security posture management by leveraging tools such as AWS Config, Security Hub, CSPM platforms, etc.
  

Security Engineering & Automation

• Implement infrastructure security controls through IaC (e.g., Terraform/CloudFormation) and policy-as-code.
  

• Collaborate with DevOps / SRE teams to embed security into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, etc.).
  

• Automate detection and remediation of security misconfigurations using Lambda functions, OPA policies, or other tooling.
  

Collaboration & Leadership

• Act as a trusted security partner for application, data, and platform engineering teams.
  

• Review high-risk solutions and changes, providing security sign-off and architectural guidance.
  

• Lead threat modeling, security design reviews, and cloud security assessments.
  

• Provide mentoring and training on cloud security and OPA best practices to engineers and stakeholders.
  

Requirements

• 10+ year of overall IT experience with at least 6+ years focused on cloud security (preferably AWS).
  

• Strong, hands-on experience with AWS:
  

• VPC, Subnets, NACLs, Security Groups
  

• IAM (roles, policies, permission boundaries)
  

• KMS, CloudTrail, CloudWatch, Config
  

• Load Balancers, API Gateway, Lambda, ECS/EKS (optional but preferred)
  

• Expertise in Open Policy Agent (OPA):
  

• Experience writing and maintaining Rego policies.
  

• Integration of OPA with Kubernetes, microservices, or CI/CD workflows.
  

• Experience with Gatekeeper/Styra or equivalent solutions is a plus.
  

• Solid understanding of cloud security principles:
  

• Identity and access management (IAM)
  

• Network security, segmentation, and zero-trust concepts
  

• Encryption in transit/at rest, key management
  

• Logging, monitoring, and incident detection
  

• Experience with Infrastructure as Code (IaC) tools such as Terraform or CloudFormation.
  

• Familiarity with DevOps and CI/CD tools and practices.
  

• Strong knowledge of security frameworks and standards (CIS Benchmarks, NIST, ISO 27001, OWASP, etc.).
  

• Proficiency in at least one scripting or programming language (e.g., Python, Go, Bash).
  

Nice-to-Have Skills

• Experience with Kubernetes security (EKS or other managed K8s).
  

• Hands-on experience with container security (image scanning, runtime protection).
  

• Exposure to CSPM, CWPP, or other security platforms (Prisma Cloud, Wiz, Lacework, etc.).
  

• Security certifications such as AWS Certified Security – Specialty, CISSP, CISM, CCSP, or similar.
  

• Experience in highly regulated industries (finance, healthcare, etc.).
  

Benefits

Standard full-time benefits.