Jobs · himalayas
AWS Cloud Security Architect
Cobalt Streamworks · United States · Posted 6d ago
About the role
Type of Requisition: Pipeline Clearance Level Must Currently Possess: None Clearance Level Must Be Able to Obtain: None Public Trust/Other Required: BI Full 6C (T4) Job Family: Software Engineering Job Qualifications: Skills: AWS Cloud Computing, Cloud Security, Threat Detection Certifications: None Experience: 8 + years of related experience US Citizenship Required: No Job Description: The CMM AWS Cloud Security Architect will work as part of an agile development team to build and support the modernization of enterprise-class software applications. The successful candidate shall be capable of providing technical cloud security subject matter expertise to meet current and future security design and architecture requirements for IaaS, PaaS, and SaaS implementations. The candidate shall have experience with designing and implementing security measure to protect data as it moves from on-premises data center servers to cloud storage systems. The candidate shall have experience with network security and security compliance. This role provides expert advisory services to ensure secure design and deployment of cloud-based systems, incorporating secure-by-design principles such as access control, encryption, and identity management. The Architect conducts thorough threat and vulnerability assessments, monitors risks, and ensures compliance with federal cybersecurity standards and Judiciary frameworks. Key Responsibilities: Designing secure cloud architectures Performing risk assessments using enterprise tools Coordinating with ITSO and CISA to validate system security through independent evaluations. Creates essential security documentation, including System Security Plans, Business Continuity Analyses, and Disaster Recovery Plans Delivers a quarterly Cloud Security Roadmap Provides operational support to cover cloud firewalls, ACLs, SSL, API endpoints, authentication procedures, private image management, and secure network segmentation. Supports incident response planning Supports automation for legacy systems Ensures proper documentation of cybersecurity control artifacts Ensures continuous monitoring and secure data handling Engages in proactive risk mitigation Strengthens the security posture across production and non-production cloud environments within the CMSO ecosystem. REQUIREMENTS Education: Technical Training, Certification(s) or Degree required ; BA/BS strongly preferred. 4 years of general experience in information systems may be substituted in lieu of preferred degree. Experience: 8+ years of specialized experience required Container Security — Expert Level: Deep expertise in Amazon EKS security architecture : pod identity, multi-tier namespace isolation, and node group separation across security classification tiers Expert Kubernetes RBAC design and auditing: least-privilege ClusterRoles, service account hardening Strong expertise in Kubernetes NetworkPolicy Expert Pod Security Admission controls: restricted/baseline profile enforcement, Gatekeeper policy-as-code Full lifecycle container image security : ECR private registry, image tag immutability, Inspector Enhanced Scanning, cosign image signing, SBOM generation Expert GitLab CI/CD pipeline security : OIDC-based AWS authentication, build node egress restriction, pipeline-integrated scanning (Wiz, Trivy, Checkov, TestifySec), and immutable artifact promotion Experience implementing container performance monitoring using New Relic or equivalent (Prometheus, OpenTelemetry, Fluent Bit) Demonstrated experience designing FedRAMP High multi-tier web applications on EKS with tiered security classification boundaries Network Security - Expert Level: Expert AWS VPC architecture : multi-tier subnet design, Transit Gateway, EKS hardening Deep experience with security groups, Network ACLs , and AWS Network Firewall : domain allowlist policies, and build node egress controls Expert VPC endpoint design: gateway and interface endpoints Expert AWS WAF Deep expertise in API Gateway security : designing private endpoints, JWT authorizers, resource policies, and mTLS Experience implementing AWS Direct Connect and Site-to-Site VPN with BGP route security and hybrid connectivity hardening Expert design of VPC Flow Log analysis pipelines using CloudWatch Logs Insights, Athena, and Splunk (SPL queries, correlation searches, network security dashboards) Security Monitoring - Expert Level: Expert design of CloudWatch multi-account architectures : cross-account observability, centralized log aggregation, composite alarms, and metric filter-based real-time detection Experience integrating CloudTrail, GuardDuty, Security Hub, and Config across AWS Organizations with EventBridge-driven automated response Expert Splunk integration : CloudTrail, GuardDuty, VPC Flow Logs, and EKS audit log ingestion with high-fidelity correlation searches Vulnerability Management - Expert Level: Expert design of multi-layer VM programs for containerized AWS workloads: Amazon Inspector (EC2, ECR E
Read the full posting on himalayas →
FAQ
Is the AWS Cloud Security Architect role at Cobalt Streamworks remote?+
This AWS Cloud Security Architect position is listed as remote (United States).
What seniority level is this AWS Cloud Security Architect role?+
This is a senior level position.
How do I apply for the AWS Cloud Security Architect role at Cobalt Streamworks?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Cobalt Streamworks.