AWS Security Architect at DATAECONOMY

Boston, Massachusetts, United States -

Full Time

Start Date

Immediate

Expiry Date

18 Mar, 26

Salary

0.0

Posted On

18 Dec, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

AWS, Cloud Security, Open Policy Agent, Rego, Infrastructure as Code, Terraform, CloudFormation, IAM, Network Security, Encryption, Logging, Monitoring, DevOps, CI/CD, Security Frameworks, Python, Kubernetes

Industry

Information Technology & Services

Description

DATAECONOMY is one of the fastest-growing Data & Analytics company with global presence. We are well-differentiated and are known for our Thought leadership, out-of-the-box products, cutting-edge solutions, accelerators, innovative use cases, and cost-effective service offerings. We offer products and solutions in Cloud, Data Engineering, Data Governance, AI/ML, DevOps and Blockchain to large corporates across the globe. Strategic Partners with AWS, Collibra, cloudera, neo4j, DataRobot, Global IDs, tableau, MuleSoft and Talend. AWS Cloud Security Architect Boston, MA / Hybrid Full-time Role Summary We are looking for an experienced AWS Cloud Security Architect with strong hands-on expertise in Open Policy Agent (OPA) to design, implement, and govern security controls across our cloud platforms. You will be responsible for defining security architecture, governing multi-account AWS environments using AWS Control Tower and Service Control Policies (SCPs), codifying policies as code, and partnering with engineering teams to embed security into CI/CD pipelines and cloud-native applications. Key Responsibilities Cloud Security Architecture Design and own end-to-end security architecture on AWS, ensuring alignment with best practices and industry standards (CIS, NIST, ISO 27001, etc.). Design and govern multi-account AWS environments using AWS Control Tower, landing zones, and account baselines. Define and maintain secure reference architectures for VPCs, network segmentation, IAM, encryption, logging, monitoring, and account-level guardrails. Define and manage Service Control Policies (SCPs) to enforce preventative security controls and governance across AWS Organizations. Evaluate and recommend AWS native security services (e.g., IAM, KMS, Control Tower, Organizations, SCPs, Security Hub, GuardDuty, WAF, Shield, Macie, Config) and third-party tools. Policy-as-Code / OPA Design and implement policy-as-code solutions using Open Policy Agent (OPA) and Rego for: Kubernetes admission control (e.g., Gatekeeper) API authorization CI/CD checks (e.g., Terraform plan validation, image scanning gates) Align OPA policies with AWS governance controls such as SCPs and Control Tower guardrails to provide layered defense (preventative + detective). Define reusable policy libraries and guardrails to enforce security, compliance, and governance across environments. Integrate OPA with developer workflows and pipelines, enabling shift-left security with automated policy checks. Work closely with platform and DevOps teams to ensure OPA policies are scalable, testable, and observable. Cloud Governance & Compliance Establish and maintain cloud security standards, account baselines, and governance models for AWS accounts, workloads, and data. Leverage AWS Control Tower guardrails (mandatory and elective) to enforce organizational security and compliance requirements. Work with Compliance / Risk teams to map OPA policies, SCPs, and AWS native controls to regulatory requirements (e.g., GDPR, SOC 2, PCI-DSS, as applicable). Drive security posture management using AWS Config, Security Hub, Control Tower, and CSPM platforms. Security Engineering & Automation Implement infrastructure and governance controls through Infrastructure as Code (Terraform / CloudFormation), including SCPs and Control Tower customization. Collaborate with DevOps / SRE teams to embed security controls into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, etc.). Automate detection and remediation of security misconfigurations using Lambda functions, AWS Config rules, OPA policies, and SCP-based preventative controls. Collaboration & Leadership Act as a trusted security partner for application, data, and platform engineering teams. Review high-risk solutions and architectural changes, providing security sign-off and governance guidance. Lead threat modeling, cloud security assessments, and multi-account architecture reviews. Provide mentoring and training on cloud security, AWS governance (Control Tower/SCPs), and OPA best practices. Requirements 10+ years of overall IT experience with at least 6+ years focused on cloud security (preferably AWS). Strong, hands-on experience with AWS: AWS Organizations, Control Tower, and Service Control Policies (SCPs) VPCs, Subnets, NACLs, Security Groups IAM (roles, policies, permission boundaries) KMS, CloudTrail, CloudWatch, Config Load Balancers, API Gateway, Lambda, ECS/EKS (preferred) Expertise in Open Policy Agent (OPA): Writing and maintaining Rego policies Integration with Kubernetes, microservices, and CI/CD workflows Experience with Gatekeeper / Styra is a plus Solid understanding of cloud security principles: Identity and access management (IAM) Network security, segmentation, and zero-trust concepts Encryption in transit/at rest and key management Logging, monitoring, and incident detection Experience with Infrastructure as Code (Terraform or CloudFormation). Familiarity with DevOps and CI/CD tools and practices. Strong knowledge of security frameworks and standards (CIS Benchmarks, NIST, ISO 27001, OWASP, etc.). Proficiency in at least one scripting or programming language (Python, Go, Bash).

Responsibilities

The AWS Security Architect will design and govern security architecture on AWS, ensuring compliance with best practices and industry standards. They will also implement policy-as-code solutions and collaborate with engineering teams to embed security into cloud-native applications.