Sr. Cloud Security Architect; AWS

Job in Toronto, Ontario, M5A, Canada
Listing for: S.i. Systems
Contract position
Listed on 2026-01-12
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Job Description & How to Apply Below
Position: Sr. Cloud Security Architect (AWS) - 2833

Duration:
Until 30 Sep (possibility of extension)

Location:

Markham office attendance is mandated three days per week (Tuesday and Wednesday are compulsory, with one additional flexible weekday).

The Senior AWS Cloud Security Architect is responsible for designing, implementing, and governing secure, compliant, and resilient AWS environments across multi-account cloud infrastructures.

You will lead the architecture and automation of identity, data protection, threat detection, and network segmentation controls across the AWS ecosystem.

Key Responsibilities:

* Design and implement secure landing zones using AWS Control Tower, AWS Organizations, and Service Control Policies (SCPs).

* Define multi-account security guardrails for shared services, workloads, and sandbox environments.

* Create reference architectures covering security zones, network segmentation, and cross-account communication (PrivateLink, AWS WAN).

* Lead threat modelling and risk assessments for new workloads and services (Lambda, ECS, EC2, S3, RDS, DynamoDB, etc.).

* Develop security-by-design templates integrated into Infrastructure as Code (IaC) pipelines.

* Partner with compliance teams to maintain continuous alignment with CIS Benchmarks and organizational risk frameworks.

* Implement federated access and single sign-on with AWS IAM Identity Center (AWS SSO), Okta, and Azure AD.

* Manage cross-account roles, STS trust policies, and temporary credentials for developers and third parties.

* Automate secret and credential rotation with AWS Secrets Manager and AWS Systems Manager Parameter Store.

* Enforce encryption at rest using AWS KMS, CloudHSM, and envelope encryption patterns.

* Ensure encryption in transit (TLS 1.2/1.3) across internal and public endpoints.

* Manage key rotation, cross-region replication, and HSM-based root of trust.

* Implement S3 Object Lock, Macie for data discovery and classification, and Access Points for fine-grained data access.

* Implement PrivateLink, AWS WAN, and Route 53 Resolver endpoints for service-to-service isolation.

* Configure Web Application Firewall (WAF) and AWS Shield Advanced for DDoS mitigation.

* Enforce egress control through Cloud NAT, AWS Gateway Load Balancer (GWLB), or custom proxies.

* Deploy and integrate AWS Security Hub, GuardDuty, Macie, and Inspector for proactive threat detection.

* Configure Amazon Detective for forensic investigation and anomaly correlation.

* Integrate findings into SIEM/SOAR platforms such as FortiSOAR or Azure Sentinel.

* Automate response playbooks with AWS Step Functions, Lambda, and SNS alerts.

* Implement AWS Config rules and Conformance Packs to enforce compliance (e.g., CIS AWS Foundations Benchmark).

* Use AWS Artifact for vendor assurance and control documentation.

* Manage compliance dashboards via Security Hub, Trusted Advisor, and Control Tower drift detection.

Core AWS Security & Supporting Services

Identity & Access Management: IAM, IAM Identity Center (SSO), AWS Organizations, Access Analyzer, Cognito, Resource Access Manager (RAM), Directory Service

Encryption & Key Management: KMS, CloudHSM, Secrets Manager, SSM Parameter Store, Certificate Manager (ACM), Private CA

Network & Perimeter Security:
Network Firewall, WAF, Shield (Standard & Advanced), PrivateLink, AWS WAN, Route 53 Resolver, Network Load Balancer, Application Load Balancer

Threat Detection & Monitoring:
GuardDuty, Detective, Security Hub, Inspector, Macie, CloudTrail, Config, CloudWatch, CloudWatch Logs, CloudWatch Metrics

Compliance & Governance:
Audit Manager, Artifact, Control Tower, Trusted Advisor, Config Conformance Packs, Service Catalog, Organizations SCPs

Data Protection: S3 Object Lock, Macie, Lake Formation, DLP integrations, S3 Access Points

Vulnerability & Posture Management:
Inspector (EC2, ECR, Lambda), Trusted Advisor, Config, Security Hub

Application & Container Security:
ECR image scanning, ECS task IAM roles, Lambda least privilege, Secrets Manager, API Gateway authorization

Incident Response & Automation:
Step Functions, Lambda, Systems Manager Automation, SNS, CloudWatch Alarms, EventBridge Rules

Required Skills and Experience

* 8+ years in cybersecurity, with 4+ years in AWS cloud security architecture.

* Deep understanding of AWS Well-Architected Framework (Security Pillar).

Preferred Certifications

* AWS Certified Security – Specialty

* AWS Certified Solutions Architect – Professional

* CISSP / CISM / CCSP / GCSA / GIAC Cloud Security Automation
