Cloud Security Architect; Azure​/AWS​/GCP

DETAILS

Location
:
Dallas, TX 75231 (onsite 1-2 days per week)

Position Type
:
Direct-Hire

Hourly / Salary
: to $165K

Vaco is currently seeking a Cloud Security Engineer (Azure / AWS / GCP) for a Direct-Hire opportunity that is located in Dallas, TX 75231 (onsite 1-2 days per week). The Cloud Security Architect will architect and secure a dynamic, evolving enterprise environment. The role is high-impact and centers on designing integrated security patterns, remediating misconfigurations, establishing organization-wide guardrails, and guiding cross-functional teams through secure implementation and ongoing adaptation, including new applications, acquisitions, and SaaS extensions, while mentoring juniors and driving leadership in cloud security practices.

• Cloud Security Architecture
  • Design / Implement Secure Architecture Patterns / Controls Across Azure / AWS – Understanding Enforcement Mechanisms via Cloud Security Posture Management
  • Support Secure Migration / Re-Platforming of OnPrem Environments to Cloud Ecosystems
  • Develop Guardrails / Hardening Guidelines for IaaS / PaaS / SaaS Workloads
  • Define / Oversee Cloud-Native Security Controls – Azure Defender / AWS Security Hub
  • Deploy Cybersecurity Operations / Hardening Standards Across all Environments
  • Application / Network Team Collaboration – Configuring WAF to Enforce Security Principles
  • Define / Enforce WAF / Traditional Network Firewall Rules
  • IAM Effort Support – RBAC / PIM / PAM
• Collaboration / Enablement
  • Participate in Application Design / Development Processes – Providing Security Input / Oversight from Conception
  • Application Development / Infrastructure Team Partnership – Embedding Security into CI/CD Pipelines / Dev Ops Practices
  • Vulnerability / Misconfiguration Remediation – Guiding / Recommending from Vulnerability Assessment / Posture Management Tools (Scanners / SAST / DAST / CSPM)
  • Serve as Trusted Advisor on Cloud Security
• Security / Engineering
  • Automation / Secure Adoption Support – Moving Towards Dev Sec Ops  using IaC
  • Evaluate /Integrate Security Tools Throughout the Enterprise Ecosystems
  • Support Ingestion Logs into Central SIEM for Proactive Monitoring / Threat Detection
  • Conduct Proactive Threat Hunting in Cloud Environments – Identifying / Mitigating Advanced Threats
  • Participate in Incident Response / Threat Modeling
  • SCO / Incident Response Team Collaboration – Investigating / Mitigating Threats
  • Perform Security Reviews / Threat Modeling / Risk Assessment for New / Existing Cloud Services
  • Actively Participate in Incident Response / Business Continuity / DR Exercises
• Governance / Risk / Compliance
  • Ensuring Adherence to Well-Architected Frameworks / Regulatory Requirements NIST / CIS / HIPPS / FedRAMP / SOCII
  • Support Audit / Compliance Initiatives
• Security Awareness / Mentorship – Educate / Mentor Engineering / Operations Teams on Secure Architecture Principles / Emerging Threats

• Security Certifications – Security+ CSSP / CISSP / AWS Certified Security Specialty / Azure Security Engineer
• Cloud Security Engineer (hands‑on) (3+ years) – Multi‑Cloud Platforms (Azure / AWS / GCP)
• Cloud‑Native / Cloud Infrastructure Security (strong knowledge) – Cloud‑Native Services / IAM / Encryption / Key Management / Network Security
• Hybrid Cloud / Hybrid Infrastructure Management – Working with OnPrem Infrastructure / SaaS‑based Solutions
• Cloud‑Native Security Operations / Sec Ops – SIEM/SOAR Technologies / CSOM / CWPP / IAM / PAM Solutions
• Network Security Tool Management / Configuration – Managing WAF / Firewall Configurations
• Effective Team Collaboration – Collaborating Across Infrastructure / Cloud Architects / Engineers, etc.

• Security Tools / Platforms – Crowd Strike / Falcon Cloud / MDC (Defender for Cloud) / Sentinel / Qualys
• IaC Tools (familiarity) – Container Security / API Security
• Regulatory Frameworks / Security Standards – NIST / SOCII / FedRAMP / HIPPA / PCI‑DSS
• Dev Ops Tooling – Azure Dev Ops / Veracode / Git Hub
• Excellent Written / Verbal Communication Skills – Ability to Explain Complex Security Topics to Technical / Non‑Technical Stakeholders

Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual’s skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company’s 401(k) retirement plan.

Unless otherwise noted, the position is currently occupied.