Senior Cloud Security Architect – Azure & Wiz

Overview

Are you a visionary and highly experienced Cloud Security Architect looking to lead the design and implementation of a cutting-edge preventative security platform across diverse cloud and hybrid environments?

We are seeking a Lead Cloud Security Architect to spearhead the technical design, integration, and optimization of our cloud security program, focusing on consolidating capabilities and enhancing our clients’ security postures against evolving threats. This is a critical leadership role where you will shape the future of cloud security defense for our clients, ensuring the confidentiality, integrity, and availability of their digital assets.

In this role, you will bring a proven track record in designing complex, integrated security solutions, deep expertise across major cloud platforms (Azure, AWS, GCP), and a strong understanding of modern security concepts like CNAPP, Zero Trust, and DevSecOps.

You will work closely with engineering, operations, and security teams, as well as potential external partners, to translate strategic security objectives into a robust, scalable, and actionable technical architecture.

Responsibilities

 In this role you would:

• Lead the design and definition of the comprehensive technical architecture for preventative cloud security platforms, including the integration strategy for core components like Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), and Security Information and Event Management (SIEM/SOAR) platforms. 

• Architect the seamless integration of various security tools, including platforms like Wiz and Microsoft Defender for Cloud, ensuring data flows, correlation, and actionable insights across multi-cloud (Azure, AWS, GCP) and hybrid environments, including container orchestration platforms. 

• Define the technical approach for enhancing visibility, risk prioritization, and threat detection, leveraging concepts like Security Graphs, attack path analysis, and contextual vulnerability management to identify critical risks and "toxic combinations". 

• Develop and optimize security policies, rules, and configurations within the integrated platform components to minimize false positives, ensure compliance with industry standards and regulations (e.g., CIS, NIST, PCI DSS, HIPAA, GDPR, SOC 2), and align with organizational security requirements. 

• Collaborate with Security Operations Center (SOC) teams to define operational models, incident response procedures, and threat hunting methodologies that leverage the capabilities of integrated platforms. 

• Champion DevSecOps principles, designing security controls and processes that are integrated into the Software Development Life Cycle (SDLC) and Infrastructure as Code (IaC) pipelines to prevent risks from reaching production environments. 

• Provide technical guidance and expertise to implementation teams, internal stakeholders, and potential external consultants or managed service providers, ensuring the architecture is implemented correctly and efficiently. 

• Translate complex technical concepts and risks into clear, understandable terms for various audiences, including technical teams and leadership. 

• Potentially contribute technical justifications and architecture details for funding initiatives, such as the Microsoft ECIF program, including input into Statements of Work and projected consumption metrics. 

Qualifications

We expect you to bring: 

• Extensive experience in designing and implementing security architectures for complex, large-scale cloud and hybrid environments. 

• Deep technical expertise across major cloud platforms, including Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). 

• Proven experience with Microsoft Azure services, such as Microsoft Defender for Cloud (including CSPM and CWP plans), Azure Arc, Azure Data Explorer (ADX), Azure Sentinel, and Azure Active Directory Identity Protection. 

• Strong understanding and practical experience with Cloud Native Application Protection Platforms (CNAPP), including agentless scanning, contextual risk analysis, and vulnerability management across multi-cloud environments. 

• Experience with Wiz is highly desirable. 

• Experience with container security and platforms like Kubernetes or Red Hat OpenShift. 

• Knowledge of threat modeling methodologies and applying frameworks like MITRE ATT&CK. 

• Familiarity with key security compliance frameworks and standards (e.g., CIS, NIST, PCI DSS, HIPAA, GDPR, SOC 2). 

• Experience with security data logging, analysis, and querying, potentially using languages like Kusto Query Language (KQL). 

• Understanding of Identity and Access Management (IAM) principles and best practices in cloud environments. 

• Excellent technical writing and communication skills, with the ability to create clear architectural documentation and present effectively to diverse technical and non-technical audiences. 

• Experience integrating security into the Software Development Life Cycle (SDLC) and working with Infrastructure as Code (IaC). 

• Relevant cloud security certifications (e.g., CISSP, CCSP, Microsoft Azure Security Engineer Associate, Azure Solutions Architect Expert) are a plus. 

• Knowledge of remediation-as-code and security orchestration 

• Experience with security data lakes or SIEM/SOAR platforms 

Why Nortal? 

• Live our values: We commit to delivering value, take ownership, empower each other, and own our personal and professional growth.
• Collaborative & Agile Culture: Work alongside industry experts in a flat and flexible environment.
• Continuous Learning: Access mentorship and professional development opportunities.
• People-Oriented Workplace: Enjoy work-life balance, an international team culture, and flexible work arrangements.

Physical Requirements:

Prolonged periods sitting or standing at a desk and working on a computer.

Nortal - Americas Is An Equal Opportunity Employer And All Qualified Applicants Will Receive Consideration For Employment Without Regard To Race, Color, Religion, Sex, National Origin, Disability Status, Protected Veteran Status, Or Any Other Characteristic Protected By Law. The base salary range for this role is between 160k and 210k USD. Actual compensation for all roles will be based upon geographic location, work experience, education, licensure requirements and/or skill level and will be finalized at the time of offer.