Who Are you?

You are a battle-tested Cloud Security Architect with 15+ years of experience securing critical infrastructure. At bnode, you'll lead the security-by-design agenda across AWS, Azure, and hybrid workloads, embedding controls into every layer - from Terraform modules to Zero Trust access patterns. You won't just advise. You'll architect, review code, and steer execution across the cloud lifecycle with platform, SOC, and architecture teams. Regulatory readiness (NIS2), enterprise resilience, and secure cloud automation - this is your domain.

What will you do?

Key Responsibilities

Cloud Security Architecture & Design

Lead design and enforcement of secure architectures for AWS and Azure (multi-account, multi-subscription).
Define and maintain end-to-end security blueprints: identity, network, encryption, logging, container runtime, secrets, WAF.
Build reusable Terraform and StackGuardian components with embedded security controls (e.g., KMS, private endpoints, logging).
Validate workload isolation (hub/spoke, VNET/NSG/NACL) and implement advanced network segmentation with Azure Firewall, AWS TGW, NAT Gateway, and PrivateLink.

Security-as-Code & DevSecOps

Enforce policy-as-code for AWS & Azure.
Integrate security controls into CI/CD pipelines (Azure DevOps, GitHub Actions) and runtime checks (Defender for Cloud, AWS Config).
Drive shift-left security: IaC scanning (Checkov, tfsec), container scanning (Trivy, ECR/ACR policies), and workload attestation.
Architect secure patterns for Kubernetes (AKS/EKS) with RBAC, Pod Security Policies, egress lockdown, and image signing.

Governance, Compliance & Risk

Translate regulatory requirements (NIS2, ISO 27001, PCI DSS, DORA) into actionable cloud controls.
Design and implement continuous compliance frameworks across cloud estates.
Lead security architecture reviews, threat models, and risk assessments for new digital and modernization programs.

Advisory, Incident Support & Operational Maturity

Act as senior escalation for cloud-related incidents; contribute to forensics and root cause analysis.
Coach teams on secure architecture standards and support the SOC in tuning detections for cloud-native threats (MITRE ATT&CK for Cloud).
Contribute to hardening playbooks, vulnerability remediation guides, and incident runbooks.

Required Experience

15+ years in IT/security, with 10+ years in cloud security architecture roles.
Deep expertise in AWS and Azure security services (IAM, KMS, VPC/NSG/Security Groups, Defender, Security Hub, Sentinel, etc.).
Hands-on with Terraform, StackGuardian container security, and policy automation.
Demonstrated delivery of security frameworks at enterprise scale in regulated industries (finance, logistics, public sector).

Certifications (Required/Preferred)