Solutions Architect - Cloud Security

at Capgemini

New Jersey, New Jersey, USA

Start Date: Immediate
Expiry Date: 04 Aug, 2024
Salary: Not Specified
Posted On: 05 May, 2024
Experience: 5 year(s) or above
Skills: Security Controls, Cloud Security, Mitigation Strategies, Network Architecture, AWS, Security Policy, OAuth, Security Metrics, Private Clouds, Regulatory Requirements, Penetration Testing, Hybrid Cloud, SPF, Loss Prevention, OpenID, Security Testing, IT Infrastructure
Telecommute: No
Sponsor Visa: No
Required Visa Status: Citizen, GC, US Citizen, Student Visa, H1B, CPT, OPT, H4 Spouse of H1B, GC Green Card
Employment Type: Full Time, Part Time, Permanent, Independent - 1099, Contract – W2, C2H Independent, C2H W2, Contract – Corp 2 Corp, Contract to Hire – Corp 2 Corp

Description:

REQUIREMENTS:

  • 10+ years of experience in IT, aligned with a cloud security architect role.
  • 10+ years of AWS, Azure, and GCP cloud administration and architecture experience.
  • 5+ years of hands-on experience in Cloud environments.
  • Bachelor’s degree from an accredited college in a related discipline, or equivalent experience/combined education
  • Prior experience in a customer-facing sales engineering or solutions architect role.
  • Deep technical knowledge required in security solutions, including:
    o Threat and Vulnerability Management, Security Information Event Management (SIEM), Endpoint Detection and Response (AV, HIPS, HIDS), Web Application Firewalls, URL Content Filtering, DMARC, DKIM, and SPF, Identity and Access Management, Privileged Account Management, Threat Hunting & Penetration Testing, PKI - Public Key Infrastructure, E-Discovery & Legal Hold, Data Loss Prevention, BCDR, SAST, DAST, and SDLC, Regulatory Frameworks, Firewall solutions, Phishing Tactics, Techniques, and Processes, Network Access Controls (NAC)
    o Cloud Platforms: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and others, including their services, features, and security capabilities.
    o Network Security: Understand cloud networking concepts such as virtual private clouds (VPCs), subnets, security groups, and network ACLs, as well as techniques for securing cloud networks and data traffic, including encryption, VPNs, and network segmentation.
    o Data Security: Data protection mechanisms, encryption at rest and in transit, key management, data masking, and data loss prevention (DLP) techniques to safeguard sensitive data stored in cloud environments.
    o Identity Federation and Single Sign-On (SSO): Familiarity with identity federation protocols like SAML, OAuth 2.0, and OpenID Connect, and experience integrating cloud services with identity providers to enable SSO and seamless access across applications.
    o Security Compliance: Understand regulatory compliance requirements relevant to cloud computing, such as GDPR, HIPAA, PCI DSS, SOC 2, and experience implementing security controls and measures to achieve compliance in cloud environments.
    o Cloud Security Architecture: Ability to design and implement secure cloud architectures, considering factors such as data residency, segregation of duties, defense-in-depth principles, and best practices for securing cloud workloads and applications.
    o Security Monitoring and Logging: Proficiency in configuring and managing security monitoring and logging services provided by cloud platforms, including cloud-native monitoring tools, SIEM solutions, and log management services for detecting and responding to security threats.
    o Incident Response and Forensics: Experience in developing incident response plans and procedures for cloud environments, conducting security incident investigations, and performing digital forensics to identify the root cause of security incidents and breaches.
    o Container Security: Knowledge of containerization technologies such as Docker and Kubernetes, and experience implementing container security measures such as image scanning, runtime protection, and network segmentation to mitigate risks associated with containerized workloads.
    o Serverless Security: Familiarity with serverless computing platforms like AWS Lambda, Azure Functions, and Google Cloud Functions, and understanding of security considerations and best practices for developing, deploying, and securing serverless applications.

  • Prior experience with or knowledge of Cloud Security practices and principles.
  • Prior experience with application development languages and challenges
  • Prior experience with metric measurements for Cloud Security lifecycles
  • Prior experience with Infrastructure as Code
  • Understanding of Kubernetes, Docker, and/or other related solutions
  • Understanding of API and PKI solutions
  • Strong understanding of IAM principles within a CSP and how they are applied to the organization
  • Prior experience with or knowledge of network hardening best practices and principles.
  • Knowledge and understanding of threats and risks that are present with cloud native, hybrid cloud, and legacy data center scenarios
  • Foundational software development knowledge, including programming and automation frameworks.
  • Understanding of application, system, and network security testing and hardening concepts and practices.
  • Prior experience in presenting results to clientele leadership in person or remote.
  • Knowledge of industry best practices and standards, including but not limited to the following: NIST 800-61, NIST Core Security Framework, NIST 800-53, NIST 800-171, ISO 27001/2, and ISO 27035, Financial Standards and Compliance, Cloud Security
  • Knowledge of large Fortune 500 organizations' security programs and their related functions, including the SOC function, vulnerability assessment, penetration testing, security policy and procedure, security infrastructure management, network and host-based defense, cyber security metrics, security engineering, etc.

Consulting and Assessment: Conduct comprehensive assessments of clients’ existing IT infrastructure, network architecture, and security protocols to identify vulnerabilities and areas for improvement.
Zero Trust Strategy Development: Collaborate with clients to develop tailored Zero Trust security strategies aligned with their business objectives, regulatory requirements, and risk tolerance.
Architecture Design: Design and architect Zero Trust network and security solutions, including micro-segmentation, identity and access management (IAM), encryption, continuous authentication, and network visibility tools.
Implementation and Integration: Lead the implementation and integration of Zero Trust solutions within clients’ environments, working closely with their IT teams and third-party vendors to ensure seamless deployment and configuration.
Technical Expertise: Serve as a subject matter expert on Zero Trust principles, technologies, and best practices, providing guidance and training to clients and internal teams as needed.
Risk Management: Assess and mitigate security risks associated with Zero Trust implementations, proactively identifying potential threats and developing mitigation strategies to safeguard clients’ assets.
Documentation and Reporting: Prepare detailed documentation, including architecture diagrams, technical specifications, and project reports, to communicate project status, findings, and recommendations to clients and internal stakeholders.

Responsibilities:

  1. Presales: This represents the primary responsibility for this role. The cyber solutions architect will work collaboratively with the Direct Cyber Sales team to ensure holistic coverage on all qualified cyber deals. They will provide technical leadership and content development for client and prospect needs such as proposal responses, RFIs, Statements of Work, and other similar requests.
  2. Portfolio Optimization: Work with the Global Portfolio Hub to support portfolio optimization and service expansion efforts based on market trending and opportunities recognized cross-sector.
  3. Thought leadership: Provide thought leadership by engaging in publication of white papers, articles, podcasts, and participating in key industry events.
  4. Delivery Support: Maintain flexibility so that SMEs are enabled to take on short duration delivery responsibilities to accelerate time to revenue recognition.
  5. Cloud Security Strategy Development: Develop and maintain a comprehensive cloud security strategy aligned with the Client’s goals, regulatory requirements, and industry best practices.
  6. Security Architecture Design: Design secure cloud architectures, including network layouts, data storage mechanisms, identity and access management (IAM) policies, and encryption strategies, considering cloud provider services and features.
  7. Risk Assessment and Management: Identify, assess, and prioritize security risks and vulnerabilities in cloud environments, and develop strategies and countermeasures to mitigate these risks effectively.
  8. Identity and Access Management (IAM): Design and implement IAM solutions to manage user identities, access privileges, authentication mechanisms, and federated identity relationships across cloud services and applications.
  9. Data Protection and Encryption: Define data protection policies and encryption mechanisms to safeguard sensitive data stored, processed, and transmitted in cloud environments, ensuring compliance with regulatory requirements and industry standards.
  10. Network Security: Implement network security controls such as firewalls, intrusion detection/prevention systems (IDS/IPS), virtual private networks (VPNs), and network segmentation to protect cloud-based resources and data traffic.
  11. Security Monitoring and Incident Response: Configure and manage security monitoring and logging tools to detect and respond to security incidents and breaches in real-time, including incident investigation, forensics analysis, and remediation actions.
  12. Compliance and Governance: Ensure compliance with relevant regulatory requirements (e.g., GDPR, HIPAA, PCI DSS) and industry standards, and establish governance frameworks and controls to maintain security posture and accountability in cloud environments.
  13. Security Automation and Orchestration: Develop automated security processes and workflows to streamline security operations, including security tool integration, policy enforcement, and incident response automation.
  14. Collaboration and Stakeholder Management: Collaborate with cross-functional teams, including IT operations, development, compliance, and legal departments, to align security initiatives with business objectives and ensure buy-in and support for security efforts.


REQUIREMENT SUMMARY

Min: 5.0, Max: 10.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Proficient

1

New Jersey, USA