Trace3
Senior Security Solutions Architect | Presales/Cloud (Remote)Irvi...
Trace3 - Irvine, California, United States, 92713
Work at Trace3
Overview
- View job
Overview
Senior Security Architect | Cloud (Remote)
Trace3 is a leading Transformative IT Authority, providing unique technology solutions and consulting services to our clients. Equipped with elite engineering and dynamic innovation, we empower IT executives and their organizations to achieve competitive advantage through a process of Integrate, Automate, Innovate. Our culture at Trace3 embodies the spirit of a startup with the advantage of a scalable business. Employees can grow their career and have fun while doing it! Trace3 is headquartered in Irvine, California. We employ more than 1,200 people all over the United States. Our major field office locations include Denver, Indianapolis, Grand Rapids, Lexington, Los Angeles, Louisville, Texas, San Francisco. Ready to discover the possibilities that live in technology? Come Join Us! Street-Smart - Thriving in Dynamic Times We are flexible and resilient in a fast-changing environment. We continuously innovate and drive constructive change while keeping a focus on the "big picture." We exercise sound business judgment in making high-quality decisions in a timely and cost-effective manner. We are highly creative and can dig deep within ourselves to find positive solutions to different problems. Juice - The "Stuff" it takes to be a Needle Mover We get things done and drive results. We lead without a title, empowering others through a can-do attitude. We look forward to the goal, mentally mapping out every checkpoint on the pathway to success, and visualizing what the final destination looks and feels like. Teamwork - Humble, Hungry and Smart We are humble individuals who understand how our job impacts the company's mission. We treat others with respect, admit mistakes, give credit where it's due and demonstrate transparency. We "bring the weather" by exhibiting positive leadership and solution-focused thinking. We hug people in their trials, struggles, and failures not just their success. We appreciate the individuality of the people around us. Job Summary
The Sr. Cloud Security Architect is a Subject Matter Expert (SME) responsible for supporting account management teams throughout the pre and post sales lifecycle to drive cloud security solution adoption and customer success. This role partners with sales, customer success, and delivery teams to shape secure, scalable architectures across AWS, Azure, GCP and private cloud stacks, aligning cloud security capabilities with client needs and business outcomes. As a cloud security SME, this individual leads technical discovery sessions, client workshops, and executive briefings, offering deep expertise in Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and Cloud Infrastructure Entitlement Management (CIEM). They play a key role in articulating risk, designing security architectures, performing technical assessments, and positioning solutions in competitive pre-sales environments. This role is focused on technical leadershipwith an emphasis on cloud architecture design, automation, threat modeling, and remediation guidance. The SME also supports proposal development, RFP responses, and both account team and delivery partner enablement to improve win rates and strengthen client confidence in cloud security solutions. Key Responsibilities
Serve as the pre-sales Subject Matter Expert (SME) for cloud security, providing architectural leadership across AWS, Azure, and GCP. Public cloud knowledge beyond the big three (OCP, IBM, etc.) and private cloud knowledge of solutions such as VMWare, OpenShift & OpenStack are all a plus. Design and articulate secure multi-cloud architectures aligned with customer goals, risk posture, and compliance requirements. Lead security posture assessments using established frameworks (CIS Benchmarks, NIST 800-190, CSA CCM, OWASP SAMM) to uncover strategic remediation and customer program development opportunities. Guide the secure configuration and hardening of IaaS, PaaS, and SaaS environments with emphasis on least privilege, secure networking, and workload protection. Collaborate with DevOps and platform engineering teams to embed security into CI/CD pipelines and infrastructure as code. Security Assessments & Threat Modeling
Lead technical discovery efforts and workshops to evaluate IAM, data protection (DSPM, DLP), encryption, and cloud-native compute and network controls. Conduct cloud attack surface assessments across containerized apps, serverless functions, and managed services to identify and communicate risk. Support pre-sales threat modeling efforts, helping clients visualize and mitigate risks in proposed or existing cloud architectures. Evaluate and position CSPM, CWPP, and CIEM solutions (e.g., Wiz, Prisma Cloud, Orca, Microsoft Defender for Cloud) in alignment with client needs. Cloud Security Operations & Automation
Advise on real-time cloud detection and response strategies using SIEMs, XDR/XSIAM, and native CSP tools (e.g., GuardDuty, Azure Sentinel). Architect automated security workflows using IaC (Terraform, Pulumi, CloudFormation) and policy-as-code (OPA/Rego) to enforce guardrails and accelerate remediation. Integrate cloud security telemetry with existing SOC pipelines, enhancing detection coverage and threat correlation. Develop and support cloud-specific incident response strategies, covering threats like identity compromise, container breakout, and API abuse. Cross-Team Collaboration & Pre-Sales Leadership
Act as the technical lead and SME during pre-sales engagements, supporting solution scoping, client presentations, and proposal development. Partner with account teams to align cloud security strategies with business priorities and regulatory requirements (PCI, HIPAA, FedRAMP, etc.). Deliver internal enablement sessions and develop reusable assets (e.g., reference architectures, RFP content, service briefs) to support scalable pre-sales execution. Engage directly with client executives, architects, and engineers to instill confidence in proposed cloud security solutions and services. Partner with external delivery teams to align proposal objectives with delivery capabilities, focusing on success criteria for all three involved parties End Customer, Trace3 & Partner delivery organization. Qualifications Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field or equivalent professional experience. Certifications (Preferred): AWS Certified Solutions Architect Professional, DevOps Engineer Professional, Security Specialty Microsoft Azure Security Engineer, Administrator Associate; Solutions Architect and DevOps Engineer Expert GCP Cloud Architect, Security Engineer, DevOps Engineer, Network Engineer CISSP Experience 7+ years of hands-on experience in cloud security, cloud architecture, or security engineering roles. Deep expertise in AWS, Azure, and/or GCP security models, native controls, identity frameworks, and architectural best practices. Proven track record conducting cloud security risk assessments, architecture reviews, and technical remediation planning. Experience implementing or evaluating cloud security platforms such as Wiz, Orca, Sysdig, Prisma Cloud, Lacework, AWS Security Hub, Azure Security Center, or GCP Security Command Center. Working knowledge of cloud security compliance standards and frameworks (e.g., CIS Benchmarks, NIST 800-53, NIST 800-190, SOC 2, ISO 27001, PCI-DSS) Proven success collaborating within cross-functional teams including sales, engineering, DevOps, compliance, customer success, professional service delivery, and operations. Adaptability in fast-paced, dynamic environments with shifting priorities and the demands of multiple stakeholders. Experience mentoring peers or leading internal knowledge-sharing initiatives to raise overall cloud security maturity across teams. Skills Proficiency in CNAPP platforms (e.g., Wiz, Sysdig, Orca) and their application in pre-sales solutioning and client demonstrations. Strong skills in cloud IAM hardening, secure network design, encryption strategies, and centralized logging and monitoring architectures. Hands-on experience building and securing infrastructure using IaC tools (Terraform, CloudFormation, Pulumi) and enforcing policy-as-code (OPA/Rego). Ability to assess and communicate risks related to misconfigurations, over-permissioned roles, and exposed services across multi-cloud environments. Experience with container and Kubernetes security, including workload protection, RBAC, image scanning,
Trace3 is a leading Transformative IT Authority, providing unique technology solutions and consulting services to our clients. Equipped with elite engineering and dynamic innovation, we empower IT executives and their organizations to achieve competitive advantage through a process of Integrate, Automate, Innovate. Our culture at Trace3 embodies the spirit of a startup with the advantage of a scalable business. Employees can grow their career and have fun while doing it! Trace3 is headquartered in Irvine, California. We employ more than 1,200 people all over the United States. Our major field office locations include Denver, Indianapolis, Grand Rapids, Lexington, Los Angeles, Louisville, Texas, San Francisco. Ready to discover the possibilities that live in technology? Come Join Us! Street-Smart - Thriving in Dynamic Times We are flexible and resilient in a fast-changing environment. We continuously innovate and drive constructive change while keeping a focus on the "big picture." We exercise sound business judgment in making high-quality decisions in a timely and cost-effective manner. We are highly creative and can dig deep within ourselves to find positive solutions to different problems. Juice - The "Stuff" it takes to be a Needle Mover We get things done and drive results. We lead without a title, empowering others through a can-do attitude. We look forward to the goal, mentally mapping out every checkpoint on the pathway to success, and visualizing what the final destination looks and feels like. Teamwork - Humble, Hungry and Smart We are humble individuals who understand how our job impacts the company's mission. We treat others with respect, admit mistakes, give credit where it's due and demonstrate transparency. We "bring the weather" by exhibiting positive leadership and solution-focused thinking. We hug people in their trials, struggles, and failures not just their success. We appreciate the individuality of the people around us. Job Summary
The Sr. Cloud Security Architect is a Subject Matter Expert (SME) responsible for supporting account management teams throughout the pre and post sales lifecycle to drive cloud security solution adoption and customer success. This role partners with sales, customer success, and delivery teams to shape secure, scalable architectures across AWS, Azure, GCP and private cloud stacks, aligning cloud security capabilities with client needs and business outcomes. As a cloud security SME, this individual leads technical discovery sessions, client workshops, and executive briefings, offering deep expertise in Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), and Cloud Infrastructure Entitlement Management (CIEM). They play a key role in articulating risk, designing security architectures, performing technical assessments, and positioning solutions in competitive pre-sales environments. This role is focused on technical leadershipwith an emphasis on cloud architecture design, automation, threat modeling, and remediation guidance. The SME also supports proposal development, RFP responses, and both account team and delivery partner enablement to improve win rates and strengthen client confidence in cloud security solutions. Key Responsibilities
Serve as the pre-sales Subject Matter Expert (SME) for cloud security, providing architectural leadership across AWS, Azure, and GCP. Public cloud knowledge beyond the big three (OCP, IBM, etc.) and private cloud knowledge of solutions such as VMWare, OpenShift & OpenStack are all a plus. Design and articulate secure multi-cloud architectures aligned with customer goals, risk posture, and compliance requirements. Lead security posture assessments using established frameworks (CIS Benchmarks, NIST 800-190, CSA CCM, OWASP SAMM) to uncover strategic remediation and customer program development opportunities. Guide the secure configuration and hardening of IaaS, PaaS, and SaaS environments with emphasis on least privilege, secure networking, and workload protection. Collaborate with DevOps and platform engineering teams to embed security into CI/CD pipelines and infrastructure as code. Security Assessments & Threat Modeling
Lead technical discovery efforts and workshops to evaluate IAM, data protection (DSPM, DLP), encryption, and cloud-native compute and network controls. Conduct cloud attack surface assessments across containerized apps, serverless functions, and managed services to identify and communicate risk. Support pre-sales threat modeling efforts, helping clients visualize and mitigate risks in proposed or existing cloud architectures. Evaluate and position CSPM, CWPP, and CIEM solutions (e.g., Wiz, Prisma Cloud, Orca, Microsoft Defender for Cloud) in alignment with client needs. Cloud Security Operations & Automation
Advise on real-time cloud detection and response strategies using SIEMs, XDR/XSIAM, and native CSP tools (e.g., GuardDuty, Azure Sentinel). Architect automated security workflows using IaC (Terraform, Pulumi, CloudFormation) and policy-as-code (OPA/Rego) to enforce guardrails and accelerate remediation. Integrate cloud security telemetry with existing SOC pipelines, enhancing detection coverage and threat correlation. Develop and support cloud-specific incident response strategies, covering threats like identity compromise, container breakout, and API abuse. Cross-Team Collaboration & Pre-Sales Leadership
Act as the technical lead and SME during pre-sales engagements, supporting solution scoping, client presentations, and proposal development. Partner with account teams to align cloud security strategies with business priorities and regulatory requirements (PCI, HIPAA, FedRAMP, etc.). Deliver internal enablement sessions and develop reusable assets (e.g., reference architectures, RFP content, service briefs) to support scalable pre-sales execution. Engage directly with client executives, architects, and engineers to instill confidence in proposed cloud security solutions and services. Partner with external delivery teams to align proposal objectives with delivery capabilities, focusing on success criteria for all three involved parties End Customer, Trace3 & Partner delivery organization. Qualifications Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field or equivalent professional experience. Certifications (Preferred): AWS Certified Solutions Architect Professional, DevOps Engineer Professional, Security Specialty Microsoft Azure Security Engineer, Administrator Associate; Solutions Architect and DevOps Engineer Expert GCP Cloud Architect, Security Engineer, DevOps Engineer, Network Engineer CISSP Experience 7+ years of hands-on experience in cloud security, cloud architecture, or security engineering roles. Deep expertise in AWS, Azure, and/or GCP security models, native controls, identity frameworks, and architectural best practices. Proven track record conducting cloud security risk assessments, architecture reviews, and technical remediation planning. Experience implementing or evaluating cloud security platforms such as Wiz, Orca, Sysdig, Prisma Cloud, Lacework, AWS Security Hub, Azure Security Center, or GCP Security Command Center. Working knowledge of cloud security compliance standards and frameworks (e.g., CIS Benchmarks, NIST 800-53, NIST 800-190, SOC 2, ISO 27001, PCI-DSS) Proven success collaborating within cross-functional teams including sales, engineering, DevOps, compliance, customer success, professional service delivery, and operations. Adaptability in fast-paced, dynamic environments with shifting priorities and the demands of multiple stakeholders. Experience mentoring peers or leading internal knowledge-sharing initiatives to raise overall cloud security maturity across teams. Skills Proficiency in CNAPP platforms (e.g., Wiz, Sysdig, Orca) and their application in pre-sales solutioning and client demonstrations. Strong skills in cloud IAM hardening, secure network design, encryption strategies, and centralized logging and monitoring architectures. Hands-on experience building and securing infrastructure using IaC tools (Terraform, CloudFormation, Pulumi) and enforcing policy-as-code (OPA/Rego). Ability to assess and communicate risks related to misconfigurations, over-permissioned roles, and exposed services across multi-cloud environments. Experience with container and Kubernetes security, including workload protection, RBAC, image scanning,