Quzara LLC

Compensation

Full Description

Job Title: Cloud Security Architect Pay Type: SALARIED EXEMPT  Location: Remote Summary of Position Role/Responsibilities The Cloud Security Architect is responsible for designing, implementing, and managing cloud security solutions while ensuring compliance with industry standards and best practices. This role requires expertise in conducting security assessments, risk management, and security architecture reviews. The ideal candidate will have extensive experience with cloud technologies, application security, and security frameworks, working collaboratively with internal stakeholders and external third parties to develop secure cloud environments. Additionally, this role involves translating business requirements into secure solutions and engaging with senior leadership for technical discussions. Essential Functions of the Job * Conduct security assessments based on industry-standard frameworks (NIST, CIS, FedRAMP) to identify risks and recommend mitigation strategies. * Design and implement security controls for cloud environments, ensuring adherence to compliance requirements. * Perform risk assessments to identify cyber threats, vulnerabilities, and evaluate compensating controls. * Lead security architecture and configuration reviews for cloud technologies, including M365 and Azure. * Collaborate with internal stakeholders and external third parties to assess and enhance security postures. * Apply threat modeling techniques using frameworks such as STRIDE to evaluate and mitigate security threats. * Engage with project teams to translate business requirements into secure cloud architectures and solutions. * Provide expert guidance on application security best practices, including OWASP, CI/CD pipelines, DevSecOps, API security, and SAST/DAST tools. * Serve as a point of contact for security consultation and assessment inquiries from various project teams. * Communicate technical security concepts to both technical and non-technical audiences, including senior leadership. * Efficiently manage multiple workstreams and projects, ensuring timely delivery of security solutions. * Stay informed on emerging cloud security trends, technologies, and regulatory updates to maintain compliance and improve security processes. * Support the development and documentation of security policies and procedures to enhance the organization’s security framework.   Marginal Functions of the Job * Other duties as assigned   Normal Work Schedule This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job. Education, Training, and Experience * Bachelor's degree in Computer Science, Cybersecurity, or a related field. * Minimum 5+ years of experience conducting security assessments based on industry-standard frameworks (NIST, CIS, FedRAMP). * Minimum 5+ years of experience with M365 and Azure technologies. * Minimum 3 – 5 years of experience with application security (OWASP, CI/CD pipelines, DevSecOps, API Security, SAST/DAST tools). * Minimum 3 – 5 years of experience with Threat Modeling using frameworks such as STRIDE. * Minimum 3 – 5 years of experience with Risk Assessment, identifying cyber risks, threats, and vulnerabilities, and determining how compensating controls mitigate risks. * Ability to work collaboratively with internal stakeholders and external third parties to perform security technical architecture and configuration reviews. * Strong ability to multi-task on multiple workstreams or projects. * Ability to engage with senior leadership for technical discussions and translate technical information for non-technical audiences. * Ability to act as a point of contact for consultation and assessment of inquiries from project teams. * Ability to work with project teams to translate business requirements into secure solutions, reference architectures, and designs. Preferred, but Not Required: * Microsoft Cloud Security certifications (AZ-500, SC-100, SC-300, SC-400, AI-102). * Security certifications such as GPEN, GCFA, GCIH, CCSP, CISSP, CISA, etc. * Working knowledge of third-party service providers (ServiceNOW, MuleSoft, SAP). * Working knowledge of data transformation technologies such as PowerBI / Microsoft Fabric and artificial intelligence platforms such as Copilot. * Prior experience in penetration testing systems/web applications or equivalent knowledge. * Prior experience managing a technical team and mentoring other team members. * Master’s degree in Computer Science, Cybersecurity, or a related field. EEO Statement The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.