Job Title: Cloud Security Architect – Cloud Center of Excellence
Department: Cloud Center of Excellence (CCoE)
Location: Brussels / Hybrid
Contract: Full-time
Role Summary
You are a battle-tested cloud security architect with 15+ years of experience securing critical infrastructure. You’ll lead the security-by-design agenda across AWS, Azure, and hybrid workloads, embedding controls into every layer—from Terraform modules to Zero Trust access patterns. You won’t just advise. You’ll architect, review code, and steer execution across the cloud lifecycle with platform, SOC, and architecture teams. Regulatory readiness (NIS2), enterprise resilience, and secure cloud automation—this is your domain.
Key Responsibilities
Cloud Security Architecture & Design
* Lead design and enforcement of secure architectures for AWS and Azure (multi-account, multi-subscription).
* Define and maintain end-to-end security blueprints: identity, network, encryption, logging, container runtime, secrets, WAF.
* Build reusable Terraform and Bicep modules with embedded controls (e.g., KMS, private endpoints, logging).
* Validate workload isolation (hub/spoke, VNET/NSG/NACL) and implement advanced network segmentation with Azure Firewall, AWS TGW, NAT Gateway, and PrivateLink.
Security-as-Code & DevSecOps
* Enforce policy-as-code using Azure Policy, OPA, and Service Control Policies (SCPs) for AWS Organizations.
* Integrate security controls into CI/CD pipelines (Azure DevOps, GitHub Actions) and runtime checks (Defender for Cloud, AWS Config).
* Drive shift-left security: IaC scanning (Checkov, tfsec), container scanning (Trivy, ECR/ACR policies), and workload attestation.
* Architect secure patterns for Kubernetes (AKS/EKS) with RBAC, Pod Security Policies, egress lockdown, and image signing.
Governance, Compliance & Risk
* Translate regulatory requirements (NIS2, ISO 27001, PCI DSS, DORA) into actionable cloud controls.
* Design and implement continuous compliance frameworks across cloud estates.
* Lead security architecture reviews, threat models, and risk assessments for new digital and modernization programs.
Advisory, Incident Support & Operational Maturity
* Act as senior escalation for cloud-related incidents; contribute to forensics and root cause analysis.
* Coach teams on secure architecture standards and support the SOC in tuning detections for cloud-native threats.
* Contribute to hardening playbooks, vulnerability remediation guides, and incident runbooks.
Required Experience
* 15+ years in IT/security, with 10+ years in cloud security architecture roles.
* Deep expertise in AWS and Azure security services (IAM, KMS, VPC/NSG/Security Groups, Defender, Security Hub, Sentinel, etc.).
* Hands-on with Terraform, Bicep, GitOps, container security, and policy automation.
* Demonstrated delivery of security frameworks at enterprise scale in regulated industries (finance, logistics, public sector).
Certifications (Required/Preferred)
* Required (at least 2):
  o AWS Certified Security – Specialty
  o Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  o CISSP or CCSP
* Preferred: TOGAF, SABSA, GIAC Cloud Security Certifications (GCLD, GCSA)
What You Bring
* Architecture mindset with a coder’s hands.
* Ability to speak both security and platform engineering fluently.
* Relentless focus on automation, detection, and resilient design.
* Strategic understanding of regulatory impact (NIS2/DORA) on cloud-native architectures.