Senior Information Cloud Security Architect

Who We AreJoin a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for ten consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We DoWe are looking for an innovative and proactive Senior Security Architect to lead the strategic planning, implementation, and ongoing enhancement of First American’s security framework. This pivotal role requires a blend of strong technical proficiency and effective business leadership. The ideal candidate will develop and articulate a robust security strategy encompassing network, application, identity, data and cloud environments, ensuring proactive management of cyber risks. Provide long-term solutions to Information Security Technology needs, including protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

This role will be hybrid two days per week onsite in Santa Ana, CA.

What You'll Do

Cloud Security Architecture & Zero Trust Design:
Lead the design and implementation of Zero Trust security models within multi-cloud environments (Azure, AWS, GCP) to implement Zero Trust principles within the organization's cloud infrastructure. This includes securing data, network access, identities, applications, privatization of workloads and network micro-segmentation based on the principle of least privilege.
Governance Models for Security:
             a. Application Security Governance: Collaborate with Application Security Architects to design and enforce application security governance models that integrate secure software development practices, secure APIs, and application-level access controls.
            b. Identity and Access Management (IAM): Collaborate with Identity Architects to design and enforce comprehensive IAM policies as part of the Zero Trust model, ensuring least-privilege access evolving to JIT Just-In-Time based access, strong authentication mechanisms (including multi-factor authentication), password less authentication, and identity federation across cloud platforms (Entra ID, AWS IAM, GCP Identity).
           c. Data Governance: Collaborate with Data Architects to develop and enforce governance models that protect sensitive and critical data within cloud environments

Cloud Security Risk Management:
Identify and mitigate security risks associated with cloud deployments and continuously improve security posture in line with Zero Trust principles.
Cloud Security Posture Management:
Regulate policy enforcement, monitor compliance, and implement remediation strategies based on Prisma Cloud findings to improve cloud security posture. Configure and manage Prisma Cloud policies to monitor and identify misconfigurations, vulnerabilities, and threats in cloud infrastructure, applications, and services.
Security Automation & Orchestration: Utilize automation tools to integrate security controls into cloud workflows as part of Dev-Sec-Ops model. Automate deployment of security policies and governance models using Infrastructure as Code (IaC) tools ensuring security consistency across cloud resources
Continuous Improvement: Stay up to date with the latest cloud security threats, trends, and technologies.
 

 What You'll Bring

• Minimum of 5 years of experience in cloud security architecture, governance, and risk management across EntraID, Azure, AWS, and GCP. 
• At least 2 years of experience designing and implementing Zero Trust security models.
• At least 2 years of hands-on experience with Microsoft Defender for Cloud and managing EntraID security controls.
• Combination of cloud provider security certifications such as AWS Certified Security Specialty, Microsoft Certified: Azure Security Engineer, Google Professional Cloud Security Engineer, or equivalent.
• Additional cybersecurity certifications such as CISSP, CISM, CISA, or equivalent are preferred.
• Strong understanding of security and compliance frameworks such as NIST, SOC 2, CIS, CSA, GDPR, and how they map to cloud environments.  

• KNOWLEDGE, SKILLS, AND ABILITIES (KSAs)

• Deep knowledge of cloud-native security service offerings across EntraID, Azure, AWS, and GCP.
• Experience with hybrid and multi-cloud architectures and the challenges of implementing Zero Trust in such environments.
• Familiarity with container and microservices security (e.g., Docker, Kubernetes) and security for containerized workloads.
• Hands-on experience with cloud security automation, including Infrastructure as Code (IaC) tools.
• Experience with DevSecOps practices and integrating security into CI/CD pipelines.
• Familiarity with CSPM, CNAPP and CWPP tools and SIEM solutions.  
• Experience with Prisma Cloud and other CSPM platforms in general to manage and improve cloud security posture.   
• Familiarity with CIEM tools 
• Familiarity with SSE (Security Service Edge) technologies, including Cloud Access Security Brokers (CASB) and Data Loss Prevention (DLP), for protecting cloud-based data, applications, and user access. 

Pay Range: $145,000- $193,300 Annually

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting.  Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.

What We OfferBy choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it’s the right thing to do, but also because it’s the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

** Note that the following statements only apply to candidates who will be working from an unincorporated area within Los Angeles County. **

First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act).

First American intends to conduct a review of an applicant’s criminal history in connection with a conditional offer. First American reasonably believes that a criminal history may have a direct, adverse and negative relationship with the following material job duties for this position potentially resulting in the withdrawal of the conditional offer of employment: handling of confidential, proprietary or trade secret information belonging to First American or its customers, administrating or facilitating financial transactions, and the ability to meet customer-imposed criminal history requirements.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.