Senior Cloud Security Architect - Cleveland, OH, Austin, TX or Atlanta, GA
Listed on 2026-06-05
IT/Tech
Cybersecurity, Systems Engineer
Cleveland, OH, USA
Job Description
OEC provides software solutions to those who work in the automotive parts and repair industry. Our solutions make it easier for automotive industry professionals to buy and sell parts, conduct repair research & planning, optimize estimates, improve the parts supply chain, and more. OEC partners with many of the world’s largest manufacturers, dealers and suppliers, shops and repairers, and service providers, giving our customers access to a comprehensive network and a streamlined workflow.
Interview integrity requirement
*Candidates must personally complete all interviews and technical assessments. The use of proxies or third-party representatives during any stage of the hiring process is prohibited and will result in disqualification. Final candidates will be required to participate in at least one in-person interview. Some travel for this role is expected. Reasonable accommodations will be provided in accordance with applicable laws.*
Role Summary
Designs, implements, and continuously improves AWS security architecture. Partners with cloud engineering, platform engineering, DevOps, Risk & Compliance, and product teams to build secure‑by‑default patterns, guardrails, and automation that enable delivery velocity without compromising security. Influences cloud security strategy while providing hands‑on architectural and engineering support.
What You’ll Be Doing
- Design secure reference architectures and reusable security patterns for AWS workloads, including identity, networking, encryption, logging, monitoring, and secrets management.
- Implement and operate enterprise AWS guardrails using Organizations, Control Tower, SCPs, AWS Config (managed and custom rules), Security Hub, GuardDuty, Detective, Macie, WAF/Shield, and AWS Network Firewall.
- Apply least‑privilege IAM using roles, permission boundaries, session policies, IAM Identity Center, SAML/OIDC federation, and ABAC/RBAC where appropriate.
- Use IAM Access Analyzer and automated validation to identify and reduce risk.
- Design secure VPC architectures, including subnet strategy, private endpoints, NAT and egress controls, Transit Gateway, Route 53, DNS Firewall, centralized ingress/egress, and service‑to‑service authentication.
- Establish detection‑as‑code and telemetry standards using CloudTrail, VPC Flow Logs, Route 53, RDS, ALB/NLB, and S3 access logs; integrate detections with SIEM/SOAR platforms.
- Support incident response through detections, playbooks, and tabletop exercises.
- Embed security into CI/CD pipelines using policy‑as‑code, Terraform checks, container and image scanning, SBOMs, and pre‑commit hooks.
- Automate remediation and drift detection using Lambda, Step Functions, and Terraform.
- Map technical controls to security frameworks including CIS AWS Foundations, NIST, ISO 27001, SOC 2, PCI DSS, and HIPAA (as applicable).
- Conduct threat modeling (e.g., STRIDE) and risk assessments and drive remediation to closure.
- Review designs, provide architectural guidance, and produce clear documentation and runbooks.
- Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or a related field required.
- Equivalent, directly relevant experience may be considered in lieu of a degree.
- 7+ years of experience in cloud architecture and security, including leading cloud security programs or large‑scale AWS transformations.
- Hands‑on expertise with AWS security services and controls, including Organizations, Control Tower, IAM/IAM Identity Center, KMS, Security Hub, GuardDuty, Detective, Macie, WAF/Shield, AWS Network Firewall, CloudTrail, Config, CloudWatch, VPC, Route 53, ECS, and Secrets Manager/Parameter Store.
- Strong background in cloud identity and Zero Trust patterns, including workload identity, JIT access, break‑glass design, and ABAC where appropriate.
- Experience securing data at scale, including classification, DLP, tokenization, and access governance.
- Deep understanding of networking and isolation patterns, including multi‑region architectures, hybrid connectivity, egress controls, private endpoints, and…