
Principal AWS Security Architect

Job in Sydney Mines, Nova Scotia, Canada
Listing for: Intuitive Technology Partners, Inc.
Full Time position
Listed on 2026-03-13
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Job Description & How to Apply Below
Location: Sydney Mines

Immediate Hiring | Remote in Canada | Contract/Full Time

About the job:

Title: Principal AWS Security Architect

Start Date: Immediately

Position Type: Contract/ Full Time

Location: Remote across Canada

Job Description:
Principal AWS Security Architect

Role Overview

The Principal AWS Security Architect will be the strategic lead for our cloud security posture, with a specialized focus on highly regulated workloads. You will architect and govern a "secure-by-default" ecosystem that aligns with Federal (FedRAMP/NIST) and Healthcare (HIPAA/HITRUST) standards. You are responsible for ensuring that all innovations in AI/ML and Data services are built on a foundation of absolute privacy and automated compliance.

Core Responsibilities
1. Regulatory Architecture (HIPAA, HITRUST, FedRAMP)
  • Healthcare Compliance: Design architectures that strictly adhere to HIPAA Security and Privacy Rules; manage the implementation of technical safeguards for ePHI across the full AWS stack.
  • HITRUST Certification: Lead the technical readiness for HITRUST CSF assessments, leveraging the AWS Shared Responsibility Model and Inheritance program to accelerate certification.
  • Federal Standards: Align cloud infrastructure with FedRAMP (High/Moderate) and NIST SP 800-53 controls, ensuring all "Customer Responsibility" layers are fully documented and audited.
  • Audit Automation: Utilize AWS Audit Manager to create automated evidence-collection frameworks for recurring compliance cycles.
2. Threat Modeling & Adversarial Defense (MITRE ATT&CK)
  • Adversarial Mapping: Map detective controls and AWS Security Hub findings to the MITRE ATT&CK Cloud Matrix to identify and close defensive gaps.
  • TTP Detection: Design custom EventBridge and GuardDuty alerts to detect specific Tactics, Techniques, and Procedures (TTPs) such as lateral movement or data exfiltration.
3. Modern Compute & Supply Chain Security
  • Container Hardening: Secure EKS/ECS/Fargate environments using Pod Security Standards, image signing (Notation), and GuardDuty Runtime Monitoring.
  • Serverless Security: Architect secure Lambda patterns, including execution isolation, environment variable encryption (KMS), and API Gateway protection via AWS WAF.
  • Vulnerability Lifecycle: Implement Amazon Inspector for continuous vulnerability management across EC2, Containers, and Lambda, prioritizing remediation based on contextual risk.
4. Governance & Zero Trust Architecture
  • Landing Zone Security: Enforce global guardrails via Service Control Policies (SCPs), AWS Organizations, and VPC Service Controls.
  • Identity & Access: Design sophisticated IAM policies and IdP integrations (Okta/Azure AD) using Least Privilege and Zero Trust (AWS Verified Access) principles.
  • Automated Remediation: Build "Self-Healing" workflows using Systems Manager (SSM) to automatically quarantine compromised assets and revoke leaked credentials in real-time.