The Cloud Security Architect plays a critical role in ensuring the Confidentiality, Integrity, and Availability (CIA) of corporate data and systems across the enterprise. This role is responsible for designing, implementing, and governing secure cloud architectures across several CSPs such as GCP, AWS, Microsoft Azure environments while aligning with enterprise security standards, regulatory requirements, and business objectives.

The architect will research, design, and advocate next-generation security technologies, architectures, and cloud security controls that support enterprise platforms, customers, business partners, and vendors. The role will also drive cloud security posture management, identity-based security controls, and secure cybersecurity practices to ensure resilient and scalable cloud infrastructure.

Key Responsibilities

* Design and implement secure enterprise cloud architectures across AWS and Microsoft Azure aligned with industry standards and enterprise security frameworks.
* Develop and maintain cloud security reference architectures and design patterns for enterprise workloads.
* Design secure enterprise networks and data transfer mechanisms across cloud platforms ensuring secure connectivity, segmentation, and encryption.
* Develop primary and secondary security controls to protect against vulnerabilities and emerging cybersecurity threats.
* Implement and manage Cloud Security Posture Management (CSPM) capabilities across enterprise cloud environments.
* Architect and operationalize Microsoft Defender for Cloud including Defender CSPM to continuously monitor and assess cloud resource configurations.
* Drive remediation processes for cloud misconfigurations, compliance gaps, and security posture risks identified by CSPM tools.
* Establish governance processes to improve cloud secure score and overall security posture.
* Design and implement security capabilities leveraging Microsoft Defender for Cloud security services.
* Integrate Defender security insights with enterprise SIEM platforms such as Microsoft Sentinel or Splunk for centralized monitoring and incident response.
* Design identity-first security architectures leveraging Microsoft Entra ID and cloud IAM services.
* Implement least privilege access models, conditional access policies, and identity governance frameworks.
* Ensure strong authentication, authorization, and access monitoring controls across cloud workloads.
* Design encryption strategies using Azure Key Vault, AWS KMS, and centralized key management platforms.
* Ensure encryption at rest and in transit across enterprise cloud workloads.
* Define secure data transfer and protection mechanisms for sensitive enterprise data.
* Align cloud security architecture with industry frameworks including NIST 800-series, ISO 27001/27002, and CIS benchmarks.
* Implement automated compliance monitoring using Defender for Cloud regulatory compliance dashboards.
* Collaborate with governance and risk teams to ensure cloud platforms meet regulatory and audit requirements.

Required Qualifications

* Minimum 3 years of experience as a Security Architect in an enterprise-level organization with a good understanding of Cloud environments and its components
* Hands-on cybersecurity experience with cloud infrastructure including AWS and Microsoft Azure EntraID and MS defender.
* Proven track record of aligning business objectives, regulatory requirements, and enterprise security controls.
* Strong understanding of networking protocols, cryptography, authentication, authorization, and cloud-native security architectures.
* Experience implementing security standards such as NIST 800-series, ISO 27001/27002, and CIS security benchmarks.
* Demonstrated ability to create realistic project timelines and deliver results on schedule.
* Strong analytical, critical thinking, and problem-solving skills.
* Excellent communication and presentation skills with the ability to convey complex technical topics to both technical and executive audiences.

Preferred Certifications

* AWS Certified Security Specialty
* Microsoft Azure Security Engineer (AZ-500)
* SC-100: Cybersecurity Architect Expert
* Certified Cloud Security Professional (CCSP)
* Certified Information Systems Security Professional (CISSP)

At Stellantis, we assess candidates based on qualifications, merit and business needs. We welcome applications from people of all gender identities, age, ethnicity, nationality, religion, sexual orientation and disability. Diverse teams will allow us to better meet the evolving needs of our customers and care for our future.