Senior Cloud Security Architect Ekco

Ekco is seeking a highly skilled Cloud Security Architect with extensive expertise in Information & Cyber Security, IT/OT, and large‑scale cloud and on‑premises enterprise environments.

Collaborate directly with Enterprise Clients to provide expert advice, conduct thorough assessments, and deliver comprehensive programmes focused on Enterprise Cyber & Cloud Security.

Responsibilities

• Conduct Cloud Security Audits and Assessments: Regularly perform cloud (Azure and/or AWS) security audits and assessments to identify vulnerabilities and ensure compliance with industry standards.
• Develop and Maintain Cloud Security Strategies: Create and update comprehensive cloud‑security strategies that align with the organisation’s goals and regulatory requirements.
• Develop and Implement Cloud Security Policies: Create and enforce cloud‑security policies and procedures to protect the organisation’s assets and data.
• Evaluate and Recommend Cloud Security Solutions: Assess new cloud‑security technologies and solutions and recommend their adoption to enhance the organisation’s security posture.
• Zero Trust Architecture: Architect and champion Zero Trust security models across Azure and hybrid environments, including identity, device, and network segmentation strategies.
• Deploy Secure‑by‑Design Cloud Environments: Develop and deploy new CAF Landing Zone environments through automation, and implement and manage CSPM tools to continuously monitor, assess, and remediate misconfigurations in Azure environments.
• Security Automation and DevSecOps Integration: Lead the integration of security controls into CI/CD pipelines, ensuring automated security testing and compliance checks are part of the deployment lifecycle.
• Collaborate with Cross‑Functional Teams: Work closely with departments such as IT, Legal, and Compliance to ensure cohesive security measures across the organisation.
• Stakeholder Engagement & Security Evangelism: Act as a security evangelist, providing guidance to development, operations, and business teams on secure cloud‑design and deployment practices.
• Mentor and Train Team Members: Provide guidance and training to junior team members and other staff on security best practices and emerging threats.
• Engage in Continuous Learning: Stay informed about the latest security trends, technologies, and threats, and continuously improve your skills and knowledge.

Requirements

• Education: Bachelor’s or Master’s level in Information Security, Computer Science, or a related field, or equivalent professional work experience.
• Azure Platform: Proven experience architecting and deploying secure solutions using Azure services (e.g., Azure AD, Key Vault, Sentinel, Defender, Policy, Blueprints).
• DevOps & IaC Mastery: Advanced proficiency in Infrastructure‑as‑Code (Terraform, Bicep, ARM templates) and automation within Azure DevOps pipelines. Hashicorp Terraform associate credentials (003/4).
• Cloud Security Technologies: Comprehensive understanding of cloud security technologies across Azure, M365, AWS and Zero Trust concepts.
• Cloud Security Architecture: Extensive experience in cloud‑security architecture and management, with strong knowledge of security best practices – preferably with Azure.
• Compliance & Regulatory Knowledge: In‑depth understanding of regulatory requirements (GDPR, NIS2, DORA, SOC 2, HIPAA) and experience implementing controls in Azure environments.
• Security Frameworks & Best Practices: Strong knowledge of cloud security frameworks such as CIS, NIST, CSA and OWASP, and application of controls and guardrails specific to cloud environments.
• Interpersonal Skills: Leadership, communication, and stakeholder management skills, with the ability to translate technical risks into business language.
• Cloud Security Certifications: Professional/Expert‑level cloud‑architect certifications (e.g., Microsoft Azure Solutions Architect (AZ‑305), Microsoft Cybersecurity Architect (SC‑100), Azure Security Engineer Associate (AZ‑500)). Optional AWS Cloud Solutions Architect and AWS Cloud Security Architect.
• Cybersecurity Qualifications: Possession or progress towards certifications such as CISSP, CCSP, and CISM.
• Professional Accreditation: Accreditation from bodies like ISC², ISACA, CiiSec or BCS.

Nice to Have

• Experience managing and securing multi‑cloud environments (e.g., Azure, AWS, GCP).
• Broad knowledge of information security, risk management, and corporate governance.
• Excellent skills in Infrastructure‑as‑Code tools (e.g., Terraform, Bicep, CloudFormation).
• Proficiency in CASB, CSPM, IAM, SIEM, MDR, XDR and related fields.
• Additional Microsoft or AWS Associate‑level certifications.
• Additional Azure or AWS Cloud Security or Engineer‑level certifications.
• Experience with AWS Management and Governance and Identity & Security services.
• Relevant cyber‑security certifications such as GSEC or CASP+.
• Experience with other public cloud providers, including AWS and Google Cloud Platform (GCP).

Benefits

• 25 days annual leave plus public holidays.
• One extra birthday leave day.
• Company pension scheme.
• Employee Assistance Programme (EAP) for wellbeing support.
• EkcOlympics: Global team activity challenges.
• Unlimited access to Pluralsight for continuous development.
• Real opportunities to grow, including international progression.