afarax is looking for a freelance Cloud Security Architect – Cloud Center of Excellence. We need you!
The project:
Our client in the Transportation, Logistics, Supply Chain and Storage sector is seeking an experienced Cloud Security Architect – Cloud Center of Excellence to strengthen their team.
Key responsibilities:
Cloud Security Architecture & Design
- Lead design and enforcement of secure architectures for AWS and Azure (multi-account, multi-subscription).
- Define and maintain end-to-end security blueprints: identity, network, encryption, logging, container runtime, secrets, WAF.
- Build reusable Terraform and Bicep modules with embedded controls (e.g., KMS, private endpoints, logging).
- Validate workload isolation (hub/spoke, VNET/NSG/NACL) and implement advanced network segmentation with Azure Firewall, AWS TGW, NAT Gateway, and PrivateLink.
Security-as-Code & DevSecOps
- Enforce policy-as-code using Azure Policy, OPA, and Service Control Policies (SCPs) for AWS Organizations.
- Integrate security controls into CI/CD pipelines (Azure DevOps, GitHub Actions) and runtime checks (Defender for Cloud, AWS Config).
- Drive shift-left security: IaC scanning (Checkov, tfsec), container scanning (Trivy, ECR/ACR policies), and workload attestation.
- Architect secure patterns for Kubernetes (AKS/EKS) with RBAC, Pod Security Policies, egress lockdown, and image signing.
Governance, Compliance & Risk
- Translate regulatory requirements (NIS2, ISO 27001, PCI DSS, DORA) into actionable cloud controls.
- Design and implement continuous compliance frameworks across cloud estates.
- Lead security architecture reviews, threat models, and risk assessments for new digital and modernization programs.
Advisory, Incident Support & Operational Maturity
- Act as senior escalation for cloud-related incidents; contribute to forensics and root cause analysis.
- Coach teams on secure architecture standards and support the SOC in tuning detections for cloud-native threats (MITRE ATT&CK for Cloud).
- Contribute to hardening playbooks, vulnerability remediation guides, and incident runbooks.
Is this you?
- 15+ years in IT/security, with 10+ years in cloud security architecture roles.
- Deep expertise in AWS and Azure security services (IAM, KMS, VPC/NSG/Security Groups, Defender, Security Hub, Sentinel, etc.).
- Hands-on with Terraform, Bicep, GitOps, container security, and policy automation.
- Demonstrated delivery of security frameworks at enterprise scale in regulated industries (finance, logistics, public sector).
Certifications (Required/Preferred)
Required (at least 2):
- AWS Certified Security – Specialty
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)
- CISSP or CCSP
Preferred: TOGAF, SABSA, GIAC Cloud Security Certifications (GCLD, GCSA)
- Architecture mindset with a coder’s hands.
- Ability to speak both security and platform engineering fluently.
- Relentless focus on automation, detection, and resilient design.
- Strategic understanding of regulatory impact (NIS2/DORA) on cloud-native architectures.
How afarax supports you:
- You benefit from our extensive network
- You will have access to projects that fit your expertise
- We help and support you throughout your project
- We offer the possibility to build a valuable and lasting partnership