Cloud Security Architect – Cloud Center of Excellence
AMMGroup
- Brussels
- Permanent
- Full-time
Location: Brussels / Hybrid
Contract: Full-time

Role Summary
You are a battle-tested cloud security architect with 15+ years of experience securing critical infrastructure. You’ll lead the security-by-design agenda across AWS, Azure, and hybrid workloads, embedding controls into every layer, from Terraform modules to Zero Trust access patterns. You won’t just advise. You’ll architect, review code, and steer execution across the cloud lifecycle with platform, SOC, and architecture teams. Regulatory readiness (NIS2), enterprise resilience, and secure cloud automation: this is your domain.

Key Responsibilities

Cloud Security Architecture & Design
Lead design and enforcement of secure architectures for AWS and Azure (multi-account, multi-subscription).
Define and maintain end-to-end security blueprints: identity, network, encryption, logging, container runtime, secrets, WAF.
Build reusable Terraform and Bicep modules with embedded controls (e.g., KMS, private endpoints, logging).
Validate workload isolation (hub/spoke, VNET/NSG/NACL) and implement advanced network segmentation with Azure Firewall, AWS TGW, NAT Gateway, and PrivateLink.

Security-as-Code & DevSecOps
Enforce policy-as-code using Azure Policy, OPA, SCPs, and Service Control Policies for AWS Organizations.
Integrate security controls into CI/CD pipelines (Azure DevOps, GitHub Actions) and runtime checks (Defender for Cloud, AWS Config).
Drive shift-left security: IaC scanning (Checkov, tfsec), container scanning (Trivy, ECR/ACR policies), and workload attestation.
Architect secure patterns for Kubernetes (AKS/EKS) with RBAC, Pod Security Policies, egress lockdown, and image signing.

Governance, Compliance & Risk
Translate regulatory requirements (NIS2, ISO 27001, PCI DSS, DORA) into actionable cloud controls.
Design and implement continuous compliance frameworks across cloud estates.
Lead security architecture reviews, threat models, and risk assessments for new digital and modernization programs.

Advisory, Incident Support & Operational Maturity
Act as senior escalation for cloud-related incidents; contribute to forensics and root cause analysis.
Coach teams on secure architecture standards and support the SOC in tuning detections for cloud-native threats.
Contribute to hardening playbooks, vulnerability remediation guides, and incident runbooks.

Required Experience
15+ years in IT/security, with 10+ years in cloud security architecture roles.
Deep expertise in AWS and Azure security services (IAM, KMS, VPC/NSG/Security Groups, Defender, Security Hub, Sentinel, etc.).
Hands-on with Terraform, Bicep, GitOps, container security, and policy automation.
Demonstrated delivery of security frameworks at enterprise scale in regulated industries (finance, logistics, public sector).

Certifications (Required/Preferred)
Required (at least 2):
AWS Certified Security – Specialty
Microsoft Certified: Azure Security Engineer Associate (AZ-500)
CISSP or CCSP
Preferred: TOGAF, SABSA, GIAC Cloud Security Certifications (GCLD, GCSA)

What You Bring
Architecture mindset with a coder’s hands.
Ability to speak both security and platform engineering fluently.
Relentless focus on automation, detection, and resilient design.
Strategic understanding of regulatory impact (NIS2/DORA) on cloud-native architectures.