Senior Security Architect (Cloud & AWS)
Indexed description
EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.
We are looking for a Senior Security Architect (Cloud & AWS) to lead the closure of AWS cybersecurity remediation tickets and subsequently operate as the account's permanent security lead for ongoing operations and cloud security governance. The profile will own the security posture of a multi-account AWS environment, coordinate with the global cybersecurity team, and ensure that all controls remain audit-ready on an ongoing basis.
EPAM NEORIS is a digital accelerator that supports some of the world’s leading companies in addressing business challenges and advancing their technology evolution, combining global engineering excellence with regional expertise and local proximity.
With operations across 11 countries in Ibero-America and more than 4,000 professionals in the region, we foster a diverse and inclusive culture focused on collaboration, continuous learning, and innovation.
As part of EPAM, a global network of more than 60,000 professionals across 55+ countries, we help organizations scale, modernize, and accelerate their digital capabilities through Cloud, Data & Analytics, Artificial Intelligence, Cybersecurity, Intelligent Automation, Strategic Consulting, and Software Engineering.
At EPAM NEORIS, we believe growth is also driven by people. That is why we promote an environment where every professional can grow, contribute new ideas, and participate in projects with regional and global impact.
Responsibilities
- Lead the closure of AWS cybersecurity remediation tickets, ensuring timely and effective resolution across the multi-account environment
- Own the overall security posture of the AWS environment, acting as the account's permanent security lead for ongoing operations and cloud security governance
- Design, implement, and maintain security controls across AWS services (IAM, GuardDuty, Security Hub, Inspector, CloudTrail, Secrets Manager, AWS Config)
- Coordinate with the global cybersecurity team to align on standards, policies, and remediation priorities
- Ensure all security controls remain audit-ready on an ongoing basis and generate audit evidence packages for frameworks such as ISO 27001 and SOC 2
- Manage identity and access controls, including SSO, MFA enforcement, and privilege management (PAM)
- Oversee security monitoring, SIEM integration, log aggregation, and alert triage to detect and respond to threats
- Collaborate with infrastructure engineers, DevOps teams, and client-side stakeholders to embed security-first practices without blocking business delivery
- Deliver weekly client-facing reporting on security posture, remediation progress, and risk status
- Apply threat frameworks (MITRE ATT&CK, STRIDE, NIST CSF, Zero Trust) to continuously improve the environment's resilience
Requirements
- 10+ years of professional experience in cybersecurity, cloud security, or information security roles
- Minimum 5 years of hands-on experience with AWS security services (GuardDuty, Security Hub, IAM, Secrets Manager, Inspector, CloudTrail, AWS Config)
- Demonstrated experience leading security remediation projects in regulated environments (banking, healthcare, or FMCG preferred)
- Experience working with audit frameworks and generating audit evidence packages (ISO 27001, SOC 2, or equivalent)
- Prior experience in client-embedded or staff augmentation roles is a strong plus
- AWS: IAM, GuardDuty, Security Hub, Inspector, CloudTrail, Secrets Manager, AWS Config, AWS Backup, Transfer Family
- EC2 and Elastic Beanstalk: platform management, Amazon Linux migration, patch management
- Encryption: KMS, RDS encryption at rest, S3 server-side encryption, certificate management
- Network security: Security Groups, NACLs, VPC architecture, WAF, NLB/ALB security
- Identity: SSO (AWS IAM Identity Center), MFA enforcement, privilege management (PAM)
- Threat frameworks: MITRE ATT&CK, STRIDE, NIST CSF, Zero Trust principles
- Security monitoring: SIEM integration (Splunk preferred), log aggregation, alert triage
- Candidates must hold at least one of the following certifications: AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional, or CISSP (Certified Information Systems Security Professional)
- Advanced proficiency in English (C1+)
Nice to have
- ISO 27001 Lead Implementer or Lead Auditor
- CISM (Certified Information Security Manager)
- CompTIA Security+ or equivalent baseline
- CEH, OSCP, or offensive security certifications
- Qualys or equivalent vulnerability management tooling
- Endpoint Detection and Response (EDR/XDR) platforms
- IaC security scanning (Checkov, tfsec, or equivalent)
- DevSecOps practices: pipeline security gates, SAST/DAST integration
- Multi-cloud exposure (GCP or Azure) as secondary environment
We offer
- Comprehensive wellness: WellHub Plan (Gympass) with access to thousands of centers, annual ophthalmological operation and exclusive discounts on health and beauty
- 100% Payroll Scheme
- Legal Benefits
- Benefits Package
- Professional Development Plan
- Multicultural Collaboration
- Referal Program
- Commercial Agreements and Discounts: Through exclusive agreements with partner companies, EPAMers and their families have access to special prices on products and services, offered as discounts for being part of EPAM
- Development opportunities
EPAM is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity or expression, disability, protected veteran status, or any other characteristic protected by applicable law.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search