DATAECONOMY
DATAECONOMY is one of the fastest-growing Data & Analytics companies with a global presence. We are well-differentiated and are known for our thought leadership, out-of-the-box products, cutting-edge solutions, accelerators, innovative use cases, and cost-effective service offerings.
We offer products and solutions in Cloud, Data Engineering, Data Governance, AI/ML, DevOps and Blockchain to large corporates across the globe. We are strategic partners with AWS, Collibra, Cloudera, Neo4j, DataRobot, Global IDs, Tableau, MuleSoft and Talend.
AWS Cloud Security Architect
Boston, MA / Hybrid
Full-time
Role Summary
We are looking for an experienced AWS Cloud Security Architect with strong hands‑on expertise in Open Policy Agent (OPA) to design, implement, and govern security controls across our cloud platforms. You will be responsible for defining security architecture, governing multi‑account AWS environments using AWS Control Tower and Service Control Policies (SCPs), codifying policies as code, and partnering with engineering teams to embed security into CI/CD pipelines and cloud‑native applications.
Key Responsibilities
Cloud Security Architecture
Design and own end-to-end security architecture on AWS, ensuring alignment with best practices and industry standards (CIS, NIST, ISO 27001, etc.).
Design and govern multi‑account AWS environments using AWS Control Tower, landing zones, and account baselines.
Define and maintain secure reference architectures for VPCs, network segmentation, IAM, encryption, logging, monitoring, and account‑level guardrails.
Define and manage Service Control Policies (SCPs) to enforce preventative security controls and governance across AWS Organizations.
Evaluate and recommend AWS native security services (e.g., IAM, KMS, Control Tower, Organizations, SCPs, Security Hub, GuardDuty, WAF, Shield, Macie, Config) and third‑party tools.
Policy‑as‑Code / OPA
Design and implement policy‑as‑code solutions using Open Policy Agent (OPA) and Rego for:
Kubernetes admission control (e.g., Gatekeeper)
API authorization
CI/CD checks (e.g., Terraform plan validation, image scanning gates)
Align OPA policies with AWS governance controls such as SCPs and Control Tower guardrails to provide layered defense (preventative and detective).
Define reusable policy libraries and guardrails to enforce security, compliance, and governance across environments.
Integrate OPA with developer workflows and pipelines, enabling shift‑left security with automated policy checks.
Work closely with platform and DevOps teams to ensure OPA policies are scalable, testable, and observable.
Cloud Governance & Compliance
Establish and maintain cloud security standards, account baselines, and governance models for AWS accounts, workloads, and data.
Leverage AWS Control Tower guardrails (mandatory and elective) to enforce organizational security and compliance requirements.
Work with Compliance / Risk teams to map OPA policies, SCPs, and AWS native controls to regulatory requirements (e.g., GDPR, SOC 2, PCI‑DSS, as applicable).
Drive security posture management using AWS Config, Security Hub, Control Tower, and CSPM platforms.
Security Engineering & Automation
Implement infrastructure and governance controls through Infrastructure as Code (Terraform / CloudFormation), including SCPs and Control Tower customization.
Collaborate with DevOps / SRE teams to embed security controls into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, etc.).
Automate detection and remediation of security misconfigurations using Lambda functions, AWS Config rules, OPA policies, and SCP‑based preventative controls.
Collaboration & Leadership
Act as a trusted security partner for application, data, and platform engineering teams.
Review high‑risk solutions and architectural changes, providing security sign‑off and governance guidance.
Lead threat modeling, cloud security assessments, and multi‑account architecture reviews.
Provide mentoring and training on cloud security, AWS governance (Control Tower/SCPs), and OPA best practices.
Requirements
10 years of overall IT experience with at least 6 years focused on cloud security (preferably AWS).
Strong, hands‑on experience with AWS:
AWS Organizations, Control Tower, and Service Control Policies (SCPs)
VPCs, Subnets, NACLs, Security Groups
IAM (roles, policies, permission boundaries)
KMS, CloudTrail, CloudWatch, Config
Load Balancers, API Gateway, Lambda, ECS/EKS (preferred)
Expertise in Open Policy Agent (OPA):
Writing and maintaining Rego policies
Integration with Kubernetes, microservices, and CI/CD workflows
Experience with Gatekeeper / Styra is a plus
Solid understanding of cloud security principles:
Identity and access management (IAM)
Network security, segmentation, and zero‑trust concepts
Encryption in transit/at rest and key management
Logging, monitoring, and incident detection
Experience with Infrastructure as Code (Terraform or CloudFormation).
Familiarity with DevOps and CI/CD tools and practices.
Strong knowledge of security frameworks and standards (CIS Benchmarks, NIST, ISO 27001, OWASP, etc.).
Proficiency in at least one scripting or programming language (Python, Go, Bash).