Capco, a Wipro company, is a management & technology consultancy dedicated to the financial services & energy industries
Cloud Architect – Security & Guardrails (AWS/Azure) (She/ He/ They)
Location
Poland
Posted
7 days ago
Salary
0
Seniority
Senior
Job Description
Cloud Architect – Security & Guardrails (AWS/Azure) (She/ He/ They)
Capco
CAPCO POLAND *We are looking for Poland based candidate. At Capco, we specialize in management consulting and technology transformation for the financial services industry. We combine innovative thinking with deep industry expertise to help our clients navigate complex change, deliver meaningful outcomes, and build future-ready organizations. Our culture is entrepreneurial, collaborative, and inclusive. We empower our people to challenge the status quo, take ownership, and make an impact from day one. As we continue to expand our Cloud and Cybersecurity capabilities, we are looking for an experienced Cloud Architect – Security & Guardrails (AWS/Azure) to help shape and secure enterprise-scale cloud environments. ROLE OVERVIEW: We are seeking a highly skilled Cloud Architect specializing in Multi-Cloud Security Operations and Governance to secure and enhance enterprise AWS and Azure environments. This role goes beyond traditional cloud architecture. You will design and implement robust defense-in-depth security frameworks, establish automated compliance guardrails, integrate advanced security platforms, and drive cloud security governance across complex environments. Working at the intersection of Cloud Engineering, Cybersecurity, Risk, and Security Operations, you will play a key role in ensuring cloud platforms remain secure, compliant, resilient, and continuously monitored. KEY RESPONSIBILITIES: - Cloud Security Governance & Guardrails - Design, implement, and enforce security baselines and preventative guardrails across AWS and Azure environments. - Develop governance frameworks leveraging: - AWS Organizations - Service Control Policies (SCPs) - AWS Control Tower - Azure Policy - Azure Landing Zones - Ensure alignment with internal security standards, regulatory requirements, and industry best practices. SIEM, Monitoring & Logging Architecture - Design and optimize multi-cloud logging and monitoring strategies. - Build scalable telemetry pipelines integrating: - AWS CloudTrail - Amazon GuardDuty - Azure Activity Logs - Microsoft Defender for Cloud - Enable centralized visibility through enterprise SIEM platforms such as: - Microsoft Sentinel - Splunk - Support real-time threat detection, correlation, investigation, and alerting capabilities. Endpoint & Workload Protection - Define architecture and deployment strategies for: - EDR/XDR solutions - Cloud Workload Protection Platforms (CWPP) - Secure virtual machines, containers, Kubernetes environments, and serverless workloads across cloud platforms. - Collaborate with Security Operations teams to enhance threat detection and response. Vulnerability & Security Posture Management - Implement and optimize Cloud Security Posture Management (CSPM) capabilities. - Establish enterprise vulnerability management processes across cloud assets. - Enable continuous security scanning for: - Cloud misconfigurations - Infrastructure vulnerabilities - Container images - Operating systems - Develop automated remediation workflows and security playbooks. Identity & Access Security - Design and enforce Zero-Trust security principles. - Strengthen Identity and Access Management (IAM) governance across cloud platforms. - Implement: - Just-In-Time (JIT) access - Privileged Access Management (PAM) - Role-Based Access Control (RBAC) - Federated identity solutions - Partner with security stakeholders to reduce privileged access risks. Security Technology Integration - Evaluate, deploy, and govern best-in-class cloud security technologies. - Integrate third-party security platforms including: - CyberArk - Wiz - Palo Alto Prisma Cloud - CrowdStrike - Other strategic security tooling - Drive consistent security controls and operational excellence across the cloud ecosystem. REQUIRED QUALIFICATIONS: - Extensive experience designing and securing enterprise-scale AWS and Azure environments.Deep knowledge of cloud-native security services, controls, and governance frameworks.Hands-on expertise with: - SIEM platforms - EDR/XDR technologies - Vulnerability management solutions - CSPM tools Strong experience implementing: - Azure Policy - AWS Control Tower - Service Control Policies (SCPs) - Cloud governance frameworks Advanced Infrastructure as Code (IaC) skills, particularly with Terraform.Experience embedding security controls into CI/CD and cloud deployment pipelines.Strong understanding of: - Modern cyber threats - MITRE ATT&CK framework - Cloud attack vectors - Security monitoring and incident response processes Proven ability to collaborate effectively with: - Cloud Engineering teams - Security Operations Centers (SOC) - Risk, Compliance, and Audit functions Excellent stakeholder management and communication skills. We offer a flexible collaboration model based on a B2B contract, with the opportunity to work on diverse projects. Recruitment Process: - HR Interview with the recruiter - Technical Interview - Client Interview - Feedback and offer #LI-HYBRID
Related Guides
Related Categories
Related Job Pages
More Cloud Engineer Jobs
Manager – Azure Data Architect
EXLWe make sense of data to drive your business forward. #MakeSenseofData #DriveYourBusinessForward #PartnerYourWay
• Data modeling (conceptual, logical, physical) • Designing end-to-end data architectures (ingestion → storage → processing → consumption) • Defining standards for schemas, naming, versioning, and reuse • Storage & Processing – relational databases, big data & analytics platforms, object storage • Cloud Architecture – Azure/Microsoft Fabric fundamentals, cost optimization & scalability patterns, security & networking basics • Translating business requirements into data structures • Understanding business processes and operating models • Explaining complex architectures to non-technical stakeholders • Creating clear architecture diagrams and decision documents • Facilitating design workshops and tradeoff discussion
Cloud Security Engineer
CasheaCompra ahora y paga después, en cuotas sin interés. El impulso que mereces.
• Implementar y endurecer las defensas de la infraestructura en la nube • Garantizar la integridad, confidencialidad y disponibilidad de los datos • Optimizar Google Cloud Armor y firewalls de nueva generación para mitigar ataques DDoS • Controlar la jerarquía de la organización mediante "Guardrails" y "Organization Policies" • Asegurar entornos críticos como GKE (Kubernetes) • Integrar herramientas de escaneo de vulnerabilidades en los pipelines de CI/CD • Desarrollar módulos de Terraform que incluyan controles de seguridad embebidos • Administrar el ciclo de vida de identidades no humanas y certificados SSL • Escribir reglas de cumplimiento automatizadas para bloquear recursos inseguros • Configurar ingesta de logs críticos hacia el SIEM
Cloud Computing Intern
RealCloudSuas cargas de trabalho na nuvem, com disponibilidade, desempenho, segurança, governança e custos otimizados por IA e ML
• Interns will receive training and preparation to obtain technical certifications, such as AWS certifications at the Practitioner, Associate and Professional levels, AWS AI Practitioner, among others. • They will work alongside the technical team to support requests related to the solutions offered. • They will assist in planning and executing tasks within the Services area and in promoting solutions for public cloud platforms. • They will write articles and blog posts related to their area of work and learning.
• Lead Oracle Service Cloud functional design and configuration. • Gather and analyze customer service and contact center. • Configure case management, workflows, business rules, and knowledge management. • Conduct workshops, fit-gap assessments, and solution demonstrations. • Develop functional specifications and business process documentation. • Support Service Cloud integrations with OFS and enterprise applications. • Lead functional testing and user acceptance activities. • Facilitate training and change management sessions. • Collaborate closely with business and technical teams. • Ensure alignment with customer service transformation goals.




