Afarax is looking for a freelance Cloud Security Architect – Cloud Center of Excellence. We need you!

The project:
Our client in the Transportation, Logistics, Supply Chain and Storage sector is seeking an experienced Cloud Security Architect – Cloud Center of Excellence to strengthen their team.

Key responsibilities:

Cloud Security Architecture & Design
- Lead design and enforcement of secure architectures for AWS and Azure (multi-account, multi-subscription).
- Define and maintain end-to-end security blueprints: identity, network, encryption, logging, container runtime, secrets, WAF.
- Build reusable Terraform and Bicep modules with embedded controls (e.g., KMS, private endpoints, logging).
- Validate workload isolation (hub/spoke, VNET/NSG/NACL) and implement advanced network segmentation with Azure Firewall, AWS TGW, NAT Gateway, and PrivateLink.

Security-as-Code & DevSecOps
- Enforce policy-as-code using Azure Policy, OPA, SCPs, and Service Control Policies for AWS Organizations.
- Integrate security controls into CI/CD pipelines (Azure DevOps, GitHub Actions) and runtime checks (Defender for Cloud, AWS Config).
- Drive shift-left security: IaC scanning (Checkov, tfsec), container scanning (Trivy, ECR/ACR policies), and workload attestation.
- Architect secure patterns for Kubernetes (AKS/EKS) with RBAC, Pod Security Policies, egress lockdown, and image signing.

Governance, Compliance & Risk
- Translate regulatory requirements (NIS2, ISO 27001, PCI DSS, DORA) into actionable cloud controls.
- Design and implement continuous compliance frameworks across cloud estates.
- Lead security architecture reviews, threat models, and risk assessments for new digital and modernization programs.

Advisory, Incident Support & Operational Maturity
- Act as senior escalation for cloud-related incidents; contribute to forensics and root cause analysis.
- Coach teams on secure architecture standards and support the SOC in tuning detections for cloud-native threats (MITRE ATT&CK for Cloud).
- Contribute to hardening playbooks, vulnerability remediation guides, and incident runbooks.

Is this you?
- 15+ years in IT/security, with 10+ years in cloud security architecture roles.
- Deep expertise in AWS and Azure security services (IAM, KMS, VPC/NSG/Security Groups, Defender, Security Hub, Sentinel, etc.).
- Hands-on with Terraform, Bicep, GitOps, container security, and policy automation.
- Demonstrated delivery of security frameworks at enterprise scale in regulated industries (finance, logistics, public sector).

Certifications (Required/Preferred)
Required (at least 2):
- AWS Certified Security – Specialty
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)
- CISSP or CCSP
Preferred: TOGAF, SABSA, GIAC Cloud Security Certifications (GCLD, GCSA)

- Architecture mindset with a coder's hands.
- Ability to speak both security and platform engineering fluently.
- Relentless focus on automation, detection, and resilient design.
- Strategic understanding of regulatory impact (NIS2/DORA) on cloud-native architectures.

How afarax supports you?
- You benefit from our extensive network
- You will have access to projects that fit your expertise
- We help and support you throughout your project
- We offer the possibility to build a valuable and lasting partnership

Check out more projects on: https://afarax.be/jobs/type/freelance/