Cloud Security Architect
Location: Brussels / Hybrid
Contract: Full-time
Project Duration: Until the end of January 2026, with the possibility of extension.
Role Summary:
We are looking for a seasoned Cloud Security Architect with over 15 years of experience in securing critical infrastructure. You will lead the security-by-design agenda across AWS, Azure, and hybrid workloads, embedding controls into every layer—from Terraform modules to Zero Trust access patterns. Your role will involve not just advising but also architecting, reviewing code, and steering execution across the cloud lifecycle with platform, SOC, and architecture teams. Your domain will include regulatory readiness (NIS2), enterprise resilience, and secure cloud automation.
Key Responsibilities:
- Cloud Security Architecture & Design:
  - Lead the design and enforcement of secure architectures for AWS and Azure (multi-account, multi-subscription).
  - Define and maintain end-to-end security blueprints: identity, network, encryption, logging, container runtime, secrets, WAF.
  - Build reusable Terraform and Bicep modules with embedded controls (e.g., KMS, private endpoints, logging).
  - Validate workload isolation and implement advanced network segmentation with Azure Firewall, AWS TGW, NAT Gateway, and PrivateLink.
- Security-as-Code & DevSecOps:
  - Enforce policy-as-code using Azure Policy, OPA, and Service Control Policies (SCPs) for AWS Organizations.
  - Integrate security controls into CI/CD pipelines and runtime checks.
  - Drive shift-left security: IaC scanning, container scanning, and workload attestation.
  - Architect secure patterns for Kubernetes with RBAC, Pod Security Policies, egress lockdown, and image signing.
- Governance, Compliance & Risk:
  - Translate regulatory requirements into actionable cloud controls.
  - Design and implement continuous compliance frameworks across cloud estates.
  - Lead security architecture reviews, threat models, and risk assessments for new digital and modernization programs.
- Advisory, Incident Support & Operational Maturity:
  - Act as senior escalation for cloud-related incidents; contribute to forensics and root cause analysis.
  - Coach teams on secure architecture standards and support the SOC in tuning detections for cloud-native threats.
  - Contribute to hardening playbooks, vulnerability remediation guides, and incident runbooks.
Required Experience:
- 15+ years in IT/security, with 10+ years in cloud security architecture roles.
- Deep expertise in AWS and Azure security services.
- Hands-on experience with Terraform, Bicep, GitOps, container security, and policy automation.
- Demonstrated delivery of security frameworks at enterprise scale in regulated industries.
Certifications (Required/Preferred):
- Required (at least 2):
  - AWS Certified Security – Specialty
  - Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  - CISSP or CCSP
- Preferred:
  - TOGAF, SABSA, GIAC Cloud Security Certifications (GCLD, GCSA)
What You Bring:
- Architecture mindset with a coder’s hands.
- Ability to speak both security and platform engineering fluently.
- Relentless focus on automation, detection, and resilient design.
- Strategic understanding of regulatory impact on cloud-native architectures.