Cloud Security ArchitectIrvine, Onsite, Any Visa, Full time, Contract Jobs in USA

Apply Now

Location: Irvine, California (CA)

Contract Type: C2C

Posted: 3 hours ago

Closed Date: 04/16/2026

Skills: AWS IAM, WAF, KMS, CloudTrail, GuardDuty

Visa Type: Any Visa

Role- Cloud Security Architect

Location: Irvine, CA - onsite

AWS IAM, WAF, KMS, CloudTrail, GuardDuty

"• Lead cloud security architecture for the Data Center Exit migration to AWS EC2.

• Design and implement AWS Landing Zone security including IAM guardrails, SCPs, and logging.

• Conduct application and infra vulnerability assessments and define remediation plans.

• Implement WAF rules, firewall policies, secure segmentation, and endpoint protection.

• Validate authentication, authorization, and encryption models for all migrated workloads.

• Support secure deployment practices, code reviews, and remediation of development gaps.

• Integrate SIEM systems with AWS native security tools for continuous monitoring.

• Define and enforce cloud security baselines aligned with CIS, NIST, and ISO controls.

• Lead penetration testing cycles and coordinate mitigation activities.

• Produce security HLD/LLD, risk assessments, and operational security runbooks.

Cloud Experience Needed

• Hands-on experience designing secure AWS multi-account Landing Zones and guardrail policies.

• Strong understanding of EC2 security, IAM, encryption, and identity federation models.

• Integration knowledge for Oracle Exadata on AWS, SQL Server, and middleware security flows.

• Experience with AWS WAF, Shield, GuardDuty, Security Hub, and detective controls.

• Ability to design security for EKS workloads including pod/network policies and image scanning.

• Understanding of security in hybrid cloud migrations and AWS migration tooling. "

"Strong expertise in AWS cloud security architecture including IAM, KMS, GuardDuty, and CloudTrail.

• Deep understanding of AWS Landing Zone, SCPs, governance, and enterprise security guardrails.

• Experience with security for custom applications including vulnerability identification and remediation.

• Proficiency with VAPT tools such as Nessus, Qualys, Burp Suite, Fortify, and Checkmarx.

• Strong understanding of WAF, firewall management, IDS/IPS, and network segmentation.

• Knowledge of OS-level security for Windows Server 2016–2025 and RHEL 7/8/9.

• Familiarity with securing Java, .NET, TIBCO ESB, and integration-heavy workloads.

• Understanding of database security for Oracle 19c, Exadata on AWS, and SQL Server.

• Ability to apply Zero Trust, least privilege, encryption, and secure-by-design principles.

• Strong collaboration skills across infra, app, DB, network, and DevOps teams. "