Serve as the senior technical authority and subject matter expert across all security, IT infrastructure, and cloud systems, providing architectural direction and hands-on technical leadership.
Design, implement, and maintain secure, scalable, and highly available cloud architectures (primarily AWS), ensuring alignment with security policies, industry frameworks, and business continuity requirements.
Lead and manage multiple concurrent security and infrastructure projects from inception through delivery, establishing project plans, milestones, risk mitigation strategies, and stakeholder communications.
Mentor, guide, and provide technical oversight to internal contractors, IT team members, and cross-functional engineering staff, elevating the technical capabilities of the broader team.
Architect and implement Zero Trust security models, including network segmentation, identity-aware proxies, ZTNA solutions, and microsegmentation strategies across cloud and hybrid environments.
Evaluate, select, deploy, and manage security tooling across the enterprise, including SIEM/SOAR, endpoint detection and response (EDR), web application firewalls (WAF), vulnerability management, and cloud security posture management (CSPM) platforms.
Design and maintain infrastructure-as-code (IaC) frameworks using Terraform, Puppet, or similar tools, ensuring repeatable, auditable, and secure infrastructure provisioning.
Own the vulnerability management lifecycle, including scoping and coordinating annual penetration testing engagements, triaging findings, driving remediation across engineering teams, and validating closure.
Lead incident response from a technical perspective, serving as Incident Commander or senior technical SME during critical security and infrastructure events, and conducting thorough root cause analysis.
Build and maintain observability, monitoring, and alerting infrastructure leveraging tools such as Prometheus, Grafana, Victoria Metrics, and cloud-native monitoring services to ensure proactive threat detection and system reliability.
Implement and manage identity and access management (IAM) solutions, including SSO (Okta or similar), privileged access management, and role-based access controls across SaaS and internal applications.
Collaborate with the GRC team to ensure technical controls satisfy compliance framework requirements (NIST CSF, SOC 2, ISO 27001), provide audit evidence, and support certification activities.
Drive cloud cost optimization while maintaining security posture, implementing tagging strategies, right-sizing recommendations, and reserved capacity planning.
Develop automation scripts, integrations, and tooling (Python, Bash, APIs) to streamline security operations, reporting, and infrastructure management.
Stay current on emerging threats, technologies, and industry trends, and proactively recommend improvements to the security and infrastructure architecture.

Requirements

12+ years of progressive experience in IT infrastructure, cloud engineering, and security architecture, with at least 5 years in a senior or staff-level technical role.
Deep hands-on expertise in AWS cloud services (EC2, VPC, IAM, S3, CloudTrail, GuardDuty, WAF, Config, Organizations) with experience designing production-grade secure architectures.
Proven experience leading multiple concurrent technical projects end-to-end, managing timelines, dependencies, and stakeholder expectations.
Strong track record of mentoring and guiding junior engineers, contractors, and cross-functional technical staff.
Expert-level proficiency with infrastructure-as-code tools (Terraform, CloudFormation, Puppet, Chef, or Ansible) and configuration management at scale.
Hands-on experience implementing and managing security platforms including SIEM (e.g., Rapid7, Splunk), EDR (e.g., CrowdStrike, Carbon Black), and vulnerability management tools.
Deep understanding of Zero Trust architecture principles, network security (firewalls, IDS/IPS, VPN, microsegmentation), and modern authentication frameworks.
Experience with containerization and orchestration technologies (Docker, Kubernetes, ECS) in production environments.
Strong scripting and automation skills in Python, Bash, and PowerShell with the ability to build custom integrations and operational tooling.
Experience supporting compliance and audit activities in a regulated environment, including SOC 2, SOX, or similar frameworks.
Excellent communication skills with the ability to translate complex technical concepts for non-technical stakeholders and executive leadership.

Benefits

Competitive base salary with annual performance-based bonus
Comprehensive medical, dental, and vision insurance
401(k) retirement plan with company matching
Generous paid time off and company holidays
Professional development and continuing education opportunities
Hybrid work flexibility
Life and disability insurance
Wellness programs and employee assistance program (EAP)

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

AWSZero Trust architectureinfrastructure-as-codeTerraformPythonBashSIEMEDRvulnerability managementcontainerization

Soft Skills

mentoringproject managementstakeholder communicationtechnical leadershipincident responseroot cause analysisautomationcollaborationguidanceproblem-solving

Certifications

SOC 2ISO 27001