AWS Cloud Security Architect

ECCO Select is a talent acquisition and consulting company specializing in people, process and technology solutions. We provide the talent behind the technology enabling our clients to achieve their goals. For more information about ECCO Select, visit us at www.eccoselect.com.

Position Title:   AWS Cloud Security Architect

Location Information  

Dallas-Fort Worth Metroplex, TX (Hybrid – primarily remote, with occasional onsite presence. Future onsite requirements could be 2-3 days per week.)

Position Responsibilities:

We are seeking an experienced AWS Cloud Security Architect for a 6+ month contract-to-hire opportunity. In this strategic position, you will serve as the technical and architectural lead for securing enterprise AWS cloud environments, guiding and enabling large-scale cloud migration efforts. You will play a critical role in bridging hands-on technical knowledge with strategic oversight—ensuring that robust security controls, compliance standards, and scalable architectures are integrated across every phase of design and deployment.

Key responsibilities include:

• Technical Leadership & Strategy:
  • Serve as the primary IT Security Architect overseeing the buildout, security, and scalability of the enterprise AWS environment.
  • Establish a cloud security architecture roadmap in alignment with organizational IT Security goals and the broader hybrid cloud strategy.
  • Collaborate with cross-functional teams (Infrastructure, Enterprise Architecture, Compliance) to ensure secure and compliant cloud adoption and migrations.
• Cloud Security Architecture & Engineering:
  • Design and validate implementation of AWS security configurations and controls that align with relevant frameworks (NIST CSF, CIS Benchmarks, ISO 27001).
  • Architect and maintain secure IAM, encryption standards, and network segmentation for AWS workloads.
  • Develop secure migration strategies for workloads moving from Azure and on-premise environments into AWS, ensuring consistency, governance, and compliance are maintained.
  • Champion the use of Infrastructure-as-Code (Terraform, CloudFormation) and automation tools to enforce baseline security configurations and detect configuration drift.
  • Collaborate with DevOps teams to integrate security best practices and scanning into CI/CD pipelines.
• Governance, Risk & Compliance:
  • Ensure AWS security controls meet organizational and regulatory compliance requirements (e.g., SOC 2, PCI, NIST CSF).
  • Oversee implementation and tuning of AWS-native security tools (GuardDuty, Security Hub, Config, CloudTrail) for ongoing monitoring and assurance.
  • Support audit readiness through documentation, evidence maintenance, and control testing.
  • Partner with Risk and GRC colleagues to translate compliance requirements into actionable technical controls.
• Monitoring & Incident Response:
  • Work closely with the Security Operations Center (SOC) to develop and tune detection rules, log collection, and automated response workflows for AWS.
  • Lead or participate in cloud-related security incident investigations and coordinate remediation across teams.
  • Evaluate and recommend new AWS native and third-party security technologies to improve detection, response, and prevention capabilities.
• Collaboration & Enablement:
  • Enable Infrastructure and Application teams to embed security from the earliest stages of project design and delivery.
  • Develop and maintain comprehensive documentation, including cloud security standards, architecture diagrams, and operational runbooks.
  • Demonstrate technical leadership in design reviews, risk assessments, and evaluation of cloud security solutions.

Essential Skills, Experience

• 5+ years of experience in IT Security or Cloud Security roles, with at least 3 years in a senior or lead architectural capacity.
• Extensive hands-on expertise with AWS architecture, governance, and security controls.
• Demonstrated track record of migrating and securing hybrid environments including Azure and on-premise infrastructure.
• Deep understanding of IAM, encryption, key management, networking, and monitoring in AWS environments.
• Strong experience with Infrastructure-as-Code (Terraform, CloudFormation) and automation scripting (Python, PowerShell, Bash).
• Proficient in applying security frameworks and standards, including NIST CSF, CIS Benchmarks, and ISO 27001.
• Well-versed in audit readiness and compliance-driven environments (SOC 2, PCI, NIST CSF, etc.).
• Familiarity with core AWS security services such as GuardDuty, Security Hub, Config, CloudTrail, and others.
• Strong collaboration, communication, and project leadership skills, with experience engaging technical and executive stakeholders.
• Proactive, analytical, and solution-oriented mindset with a focus on balancing risk, compliance, and business enablement.

Qualifications:

• Required:
  • Relevant Bachelor’s degree or equivalent work experience in Computer Science, Information Systems, Cybersecurity, or related field.
• Preferred:
  • Current AWS Certified Security – Specialty or AWS Solutions Architect – Professional certification.
  • Experience with container and serverless security (EKS, ECS, Lambda).
  • Familiarity with Zero Trust models and technologies (e.g., Zscaler, Cloudflare, Okta).
  • Background in supporting SOC 2, PCI DSS, or ISO 27001 audit readiness initiatives.
  • Demonstrated ability to drive security solutions in large, distributed enterprise environments.

ECCO Select is committed to hiring and retaining a diverse workforce. Our policy is to provide equal opportunity to all people without regard to race, color, religion, national origin, ancestry, marital status, veteran status, age, disability, pregnancy, genetic information, citizenship status, sex, sexual orientation, gender identity or any other legally protected category. Veterans of our United States Uniformed Services are specifically encouraged to apply for ECCO Select opportunities.

Equal Employment Opportunity is The Law
This Organization Participates in E-Verify

Apply