Cloud Security Architect

Purpose of the Position

The Cloud Security Architect is responsible for designing and optimizing secure architectures for cloud environments, with a primary focus on Microsoft Azure, M365, and related security technologies. This role ensures the effective deployment of cloud infrastructure and security solutions to address evolving threats. The architect collaborates across teams to guide security architecture and identity and access management (IAM) practices, while also overseeing the outsourced Security Operations Center (SOC) vendor.

By supporting the organization’s cloud-first strategy, the Cloud Security Architect ensures the security of operations and drives the adoption of best practices in SOC, IAM, and cloud security architecture.

Although the location of the position is in Newton, NJ, from time to time it may be required to undertake duties at other Thorlabs locations.

but are not limited to:

• Design secure cloud architectures that align with business requirements and mitigate security risks, primarily within the Microsoft technology stack (Azure, M365, Microsoft Sentinel, Defender suite, Intune, and Entra).
• Review and provide guidance on the implementation of cloud security technologies to ensure alignment with security operations, IT infrastructure, and operations best practices, enhancing the effectiveness of the security monitoring process in accordance with SOC standards.
• Ensure baseline security measures are in place, including identity and access controls, authentication, and authorization processes.
• Collaborate with IT teams to implement automated security controls and maintain secure cloud configurations across infrastructure.

• Collaborate with Security Engineering and IT Infrastructure and Operations teams to optimize and enhance a comprehensive suite of IAM tools and solutions, ensuring alignment with best practices.
• Lead the IAM architecture function through collaboration, encompassing identity management for service accounts, privileged accounts, and general access management.
• Establish IAM policies and procedures for Role-Based Access Control (RBAC), Privileged Access Management (PAM), certification processes, and Segregation of Duties (SoD).
• Define and recommend the operating model for IAM, including RACI, access policies, and procedures.
• Design the lifecycle of identities in alignment with Joiner-Mover-Leaver (JML) processes through collaborative effort.

• Oversee the outsourced SOC vendor to ensure security operations align with organizational needs and are continually enhanced.
• Monitor vendor performance and ensure timely response to security incidents, working closely with the SOC to optimize incident detection and response.
• Collaborate with the SOC to continuously improve security monitoring, alerting, and response protocols.

• Partner closely with Security Engineering, IT Infrastructure and Operations, Dev Ops, and GRC (Governance, Risk, and Compliance) teams to ensure security is embedded into all aspects of infrastructure and application development.
• Serve as the subject matter expert in cloud security, providing guidance and assurance to stakeholders.
• Lead the evaluation, acquisition, and divestiture of cloud security solutions to ensure the environment remains secure and up-to-date with emerging threats and requirements.
• Lead and nurture creativity in secure service delivery for the cloud.

This is largely a sedentary role; however, some filing is required. This would require the ability to lift files, open filing cabinets and bend or stand, as necessary.

• Minimum 7 years of experience in Enterprise IT.
• Minimum of 4 years in cloud security architecture or similar roles.
• Certifications such as CISSP, CISM, CEH or relevant Microsoft cloud certifications (Cybersecurity Architect and Azure Solutions Architect etc.) preferred.
• Expertise in designing and implementing security architecture in cloud environments, particularly with Microsoft Azure and M365.
• Experience in managing identity…