Senior Security Architect | Cloud (Remote)
Irvine, CA, United States
Trace3
Trace3 delivers business transformation. We consult on, integrate, and operate convergent solutions across data, security and cloud that embrace emerging technology and drive measurable value.Who is Trace3?
Trace3 is a leading Transformative IT Authority, providing unique technology solutions and consulting services to our clients. Equipped with elite engineering and dynamic innovation, we empower IT executives and their organizations to achieve competitive advantage through a process of Integrate, Automate, Innovate.
Our culture at Trace3 embodies the spirit of a startup with the advantage of a scalable business. Employees can grow their career and have fun while doing it!
Trace3 is headquartered in Irvine, California. We employ more than 1,200 people all over the United States. Our major field office locations include Denver, Indianapolis, Grand Rapids, Lexington, Los Angeles, Louisville, Texas, San Francisco.
Ready to discover the possibilities that live in technology?
Come Join Us!
Street-Smart - Thriving in Dynamic Times
We are flexible and resilient in a fast-changing environment. We continuously innovate and drive constructive change while keeping a focus on the “big picture.” We exercise sound business judgment in making high-quality decisions in a timely and cost-effective manner. We are highly creative and can dig deep within ourselves to find positive solutions to different problems.
Juice - The “Stuff” it takes to be a Needle Mover
We get things done and drive results. We lead without a title, empowering others through a can-do attitude. We look forward to the goal, mentally mapping out every checkpoint on the pathway to success, and visualizing what the final destination looks and feels like.
Teamwork - Humble, Hungry and Smart
We are humble individuals who understand how our job impacts the company's mission. We treat others with respect, admit mistakes, give credit where it’s due and demonstrate transparency. We “bring the weather” by exhibiting positive leadership and solution-focused thinking. We hug people in their trials, struggles, and failures – not just their success. We appreciate the individuality of the people around us.
Job Summary:
The Sr. Cloud Security Architect is a Subject Matter Expert (SME) responsible for supporting account management teams throughout the pre and post sales lifecycle to drive cloud security solution adoption and customer success. This role partners with sales, customer success, and delivery teams to shape secure, scalable architectures across AWS, Azure, GCP and private cloud stacks, aligning cloud security capabilities with client needs and business outcomes.
As a cloud security SME, this individual leads technical discovery sessions, client workshops, and executive briefings, offering deep expertise in Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and Cloud Infrastructure Entitlement Management (CIEM). They play a key role in articulating risk, designing security architectures, performing technical assessments, and positioning solutions in competitive pre-sales environments.
This role is focused on technical leadership—with an emphasis on cloud architecture design, automation, threat modeling, and remediation guidance. The SME also supports proposal development, RFP responses, and both account team and delivery partner enablement to improve win rates and strengthen client confidence in cloud security solutions.
Key Responsibilities
Cloud Security Architecture & Hardening
- Serve as the pre-sales Subject Matter Expert (SME) for cloud security, providing architectural leadership across AWS, Azure, and GCP. Public cloud knowledge beyond the big three (OCP, IBM, etc.) and private cloud knowledge of solutions such as VMWare, OpenShift & OpenStack are all a plus.
- Design and articulate secure multi-cloud architectures aligned with customer goals, risk posture, and compliance requirements.
- Lead security posture assessments using established frameworks (CIS Benchmarks, NIST 800-190, CSA CCM, OWASP SAMM) to uncover strategic remediation and customer program development opportunities.
- Guide the secure configuration and hardening of IaaS, PaaS, and SaaS environments with emphasis on least privilege, secure networking, and workload protection.
- Collaborate with DevOps and platform engineering teams to embed security into CI/CD pipelines and infrastructure as code.
Security Assessments & Threat Modeling
- Lead technical discovery efforts and workshops to evaluate IAM, data protection (DSPM, DLP), encryption, and cloud-native compute and network controls.
- Conduct cloud attack surface assessments across containerized apps, serverless functions, and managed services to identify and communicate risk.
- Support pre-sales threat modeling efforts, helping clients visualize and mitigate risks in proposed or existing cloud architectures.
- Evaluate and position CSPM, CWPP, and CIEM solutions (e.g., Wiz, Prisma Cloud, Orca, Microsoft Defender for Cloud) in alignment with client needs.
Cloud Security Operations & Automation
- Advise on real-time cloud detection and response strategies using SIEMs, XDR/XSIAM, and native CSP tools (e.g., GuardDuty, Azure Sentinel).
- Architect automated security workflows using IaC (Terraform, Pulumi, CloudFormation) and policy-as-code (OPA/Rego) to enforce guardrails and accelerate remediation.
- Integrate cloud security telemetry with existing SOC pipelines, enhancing detection coverage and threat correlation.
- Develop and support cloud-specific incident response strategies, covering threats like identity compromise, container breakout, and API abuse.
Cross-Team Collaboration & Pre-Sales Leadership
- Act as the technical lead and SME during pre-sales engagements, supporting solution scoping, client presentations, and proposal development.
- Partner with account teams to align cloud security strategies with business priorities and regulatory requirements (PCI, HIPAA, FedRAMP, etc.).
- Deliver internal enablement sessions and develop reusable assets (e.g., reference architectures, RFP content, service briefs) to support scalable pre-sales execution.
- Engage directly with client executives, architects, and engineers to instill confidence in proposed cloud security solutions and services.
- Partner with external delivery teams to align proposal objectives with delivery capabilities, focusing on success criteria for all three involved parties – End Customer, Trace3 & Partner delivery organization.
Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field – or equivalent professional experience.
Certifications (Preferred):
- AWS Certified Solutions Architect Professional, DevOps Engineer Professional, Security Specialty
- Microsoft Azure Security Engineer, Administrator Associate; Solutions Architect and DevOps Engineer Expert
- GCP Cloud Architect, Security Engineer, DevOps Engineer, Network Engineer
- CISSP
Experience
- 7+ years of hands-on experience in cloud security, cloud architecture, or security engineering roles.
- Deep expertise in AWS, Azure, and/or GCP security models, native controls, identity frameworks, and architectural best practices.
- Proven track record conducting cloud security risk assessments, architecture reviews, and technical remediation planning.
- Experience implementing or evaluating cloud security platforms such as Wiz, Orca, Sysdig, Prisma Cloud, Lacework, AWS Security Hub, Azure Security Center, or GCP Security Command Center.
- Working knowledge of cloud security compliance standards and frameworks (e.g., CIS Benchmarks, NIST 800-53, NIST 800-190, SOC 2, ISO 27001, PCI-DSS)
- Proven success collaborating within cross-functional teams including sales, engineering, DevOps, compliance, customer success, professional service delivery, and operations.
- Adaptability in fast-paced, dynamic environments with shifting priorities and the demands of multiple stakeholders.
- Experience mentoring peers or leading internal knowledge-sharing initiatives to raise overall cloud security maturity across teams.
Skills
- Proficiency in CNAPP platforms (e.g., Wiz, Sysdig, Orca) and their application in pre-sales solutioning and client demonstrations.
- Strong skills in cloud IAM hardening, secure network design, encryption strategies, and centralized logging and monitoring architectures.
- Hands-on experience building and securing infrastructure using IaC tools (Terraform, CloudFormation, Pulumi) and enforcing policy-as-code (OPA/Rego).
- Ability to assess and communicate risks related to misconfigurations, over-permissioned roles, and exposed services across multi-cloud environments.
- Experience with container and Kubernetes security, including workload protection, RBAC, image scanning, and runtime controls.
- Excellent communication and presentation skills with the ability to translate technical findings into strategic, business-aligned recommendations for both technical and executive stakeholders
The Perks
- Comprehensive medical, dental and vision plans for you and your dependents
- 401(k) Retirement Plan with Employer Match, 529 College Savings Plan, Health Savings Account, Life Insurance, and Long-Term Disability
- Competitive Compensation
- Training and development programs
- Stocked kitchen with snacks and beverages
- Collaborative and cool culture
- Work-life balance and generous paid time off
Our Commitment
At the core of Trace3's DNA is our people. We are a diverse group of talented individuals who understand the importance of teamwork and demonstrating leadership, character, and passion in all that we do.
We’re committed to fostering an inclusive workplace where everyone feels respected, valued, and empowered to grow. We recognize that embracing diversity drives innovation, improves outcomes, fosters collaboration, boosts teammate satisfaction, and builds a more inclusive culture.
As an equal opportunity employer, Trace3 bases all employment decisions based on individual qualifications, merit, and business requirements. We do not engage in discrimination on the basis of race, color, religion, sex (including gender identity, sexual orientation, and pregnancy), national origin, age (40 or older), disability, genetic information, or any other characteristic protected by federal, state, or local law.
Any demographic information provided is strictly voluntary, kept confidential in accordance with Equal Employment Opportunity (EEO) regulations, and will not be used in employment decisions, including hiring, promotions, or mentorship programs. We are committed to providing equal employment opportunities for all.
If you require a reasonable accommodation to complete the application process or participate in an interview, please email recruiting@trace3.com.
***To all recruitment agencies: Trace3 does not accept unsolicited agency resumes/CVs. Please do not forward resumes/CVs to our careers email addresses, Trace3 employees or any other company location. Trace3 is not responsible for any fees related to unsolicited resumes/CVs.
Tags: APIs Automation AWS Azure CI/CD CISSP Cloud CNAPP Compliance Computer Science CSPM DevOps DSPM Encryption FedRAMP GCP HIPAA IaaS IAM Incident response ISO 27001 Kubernetes Monitoring NIST NIST 800-53 OpenStack OWASP PaaS RFPs Risk assessment SaaS SAMM Security assessment Sentinel SIEM SOC SOC 2 Terraform VMware XDR
Perks/benefits: 401(k) matching Career development Competitive pay Flex hours Flex vacation Health care Insurance Salary bonus Snacks / Drinks Startup environment Transparency
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.