Sr. AWS Security Architect
Location: Pleasanton, CA (1/2 mile from Metro)
Duration: 12 to 24+ months
Rate: $85-125/HR DOE on C2C/1099
The recognized SaaS cloud-based industry leader in its market is looking for a Sr. AWS Security Architect. The company has been in business for 20+ years, is public, earns $400+ million in revenue/year and $50+ million in net income/year, has $400+ million in cash reserves, is NOT VC funded, is cash flow positive and has 1,000+ employees. The company has been named to Glassdoor's 2017 Best Places to Work.
The Sr. AWS Security Architect will be solely responsible for leading the ground-up design, build-out and implementation of an enterprise AWS security infrastructure. The Sr. AWS Security Architect will initially perform an overall assessment of the company’s extremely high-volume SaaS products, the supporting platforms, 3 colocation data centers, existing private cloud, networks, data and web applications and the IT corporate infrastructure to gain an understanding of the environment as a basis for the design of the AWS Security Architecture.
More specifically, the Sr. AWS Security Architect will:
Perform security requirements gathering and controls reviews and then design, develop and execute the AWS Cloud Security initiatives and strategies
Have overall responsibility for the enterprise AWS cloud security architecture and then perform the deployment and operationalization of all AWS Security Services and AWS Security controls for cloud-based applications, across all cloud layers (including Infrastructure, Platform, and Software as a Service).
Implement AWS Security Services such as AWS CloudHSM, Amazon GuardDuty, Amazon Inspector, AWS Key Management Service, Amazon Macie, AWS Shield, AWS Security Groups and any other necessary AWS Security Services
Research, design and implement the AWS security measures necessary to address security issues related to public clouds, such as hardware, network and software monitoring and controls, intrusion detection protection (e.g. VPC Flow Logs, CloudTrail, etc.), VPC for AWS, secure Amazon Route 53 DNS web services, the development of AWS Open APIs, etc.
Perform threat modeling and design reviews to assess security implications and requirements for introduction of new technologies into the AWS cloud
Partner closely with several levels of staff (C-Level to staff) and various departments (Network Engineering, Infrastructure, DevOps, Development staff, Data Engineers, Product Managers, etc.) to identify AWS Security risks and develop and deliver AWS security solutions
Design security and privacy controls for AWS cloud hosted applications.
Serve as a subject matter expert for AWS Security during development of AWS Cloud Security strategies and new AWS Service deployments.
Research, stay abreast of and implement all applicable new AWS Cloud Security Service provider offerings and industry emerging trends
The Sr. AWS Security Architect reports to the Director of Security
The company is currently operating a SaaS hybrid private and public cloud environment. The company is a large AWS user with 100+ AWS accounts in production utilizing AWS Services such as EC2 (Elastic Load Balancing (ELB) and Launch Configurations), S3, Elastic Beanstalk, Lambda and API Gateway, Route 53 DNS Service, VPC, CloudFront, CodePipeline and CloudFormation.
Must have 10+ years of progressive experience in information technology, information security and network engineering
Expert in Information Security
MUST HAVE experience in designing and securing at least one AWS Information Security architecture (experience must be proven and detailed in resume to be considered).
Should have experience designing and implementing one or more of the following AWS Security Services: AWS CloudHSM, Amazon GuardDuty, Amazon Inspector, AWS Key Management Service, Amazon Macie, AWS Shield, AWS Security Groups or any other necessary AWS Security Services
Experience securing basic AWS Services such as EC2, S3, ELB, etc.
Experience identifying and implementing traditional security solutions and controls specifically for an AWS public cloud environment, e.g. network controls, intrusion detection protection, VPC, network integration with public cloud, application development, etc.
Should come from a network engineering background or have a solid understanding of network engineering concepts and technologies (e.g. MPLS and BGP protocols, firewalls, encryption, virtualization)
Any knowledge and/or hands-on experience with security tools including SIEM, IDS (Intrusion Detection Systems), IPS, Vulnerability Management Assessments, Network and Application Scanners, DLP/DLS, Network, Malware, DDoS and/or security analysis tools is a plus