Cloud Security Architect
Warner Bros. Discovery · Sterling, VA · 1 wk ago
Information Technology$133k–$247k/yrFull-time
About the role
The Cloud Security Architect is a hands-on security leader with deep expertise in designing, securing, and assessing enterprise-scale public cloud environments. This role partners closely with engineering and product teams to embed security into cloud architectures, platforms, and workflows across AWS, with a working knowledge and experience of Azure and GCP in case of emergency support/maintenance is required.
Role Responsibilities
- Serve as a Cloud Security Subject Matter Expert (SME) for Warner Bros. Discovery’s Information Security organization, providing authoritative guidance on public cloud security architecture and engineering.
- Proactively identify cloud security risks across AWS, Azure, and GCP environments, design pragmatic mitigation strategies, and lead or influence implementation efforts in partnership with engineering teams.
- Design and produce clear, actionable architecture and security design artifacts to enable the Cloud Security team to implement solutions, whether developed in-house or delivered via third-party vendors.
- Partner closely with product and platform engineering teams to design, review, and validate secure network, compute, container, and serverless architectures.
- Provide hands-on IAM guidance, including policy design and review, to ensure least-privilege access models are consistently implemented across cloud environments.
- Review cloud architecture and AI/ML workloads to advise development teams on secure design patterns, data protection, identity controls, and potential security gaps prior to deployment.
- Engage with public cloud service providers to evaluate and influence security features, roadmap capabilities, and best-practice implementations.
- Mentor and support junior cloud security team members through technical guidance, design reviews, and knowledge sharing.
- Develop and maintain cloud security documentation, including architectural standards, reference designs, configuration guidelines, and operational processes.
- Collaborate with senior leadership and cross-functional stakeholders to assess current and future cloud security requirements and align solutions with business and technology strategy.
- Continuously stay current with emerging cloud threats, attack techniques, and security tooling, applying this knowledge to improve WBD’s cloud security posture.
Qualifications & Experience Required
- Bachelor’s degree in computer science, Information Security, or a related technical discipline, or equivalent practical experience with 6-8 years of strong experience.
- Strong hands-on understanding of public cloud infrastructure components and architectures, with demonstrated ability to identify and mitigate security risks in decentralized, hybrid, and multi-account cloud environments.
- Solid understanding of information security principles, risk management, and compliance frameworks, and how they apply to large-scale public cloud platforms.
- Proven experience designing, building, and securing AWS-based cloud environments, with meaningful hands-on experience in Azure; exposure to GCP is a plus.
- Ability to automate security processes end-to-end and collaborate closely with cloud engineering and product teams to integrate security into CI/CD pipelines and development workflows.
- Proficiency in at least one modern scripting or programming language (e.g., Python, Go, or Node.js) for automation, tooling, and integrations.
- Strong foundational knowledge of IP networking concepts, including routing, VPNs, DNS, and network segmentation in cloud environments.
- Hands-on experience in several of the following areas: Cloud security administration across AWS, Azure, and/or GCP, Designing and securing serverless applications and managed cloud services, Infrastructure-as-Code tools such as Terraform, CloudFormation, or Ansible, Command-line tooling (Bash, PowerShell, AWS CLI, Azure CLI), Container and orchestration technologies (Docker, Kubernetes), Cloud network architecture and VPC/VNet engineering, Cloud-native security services (e.g., AWS GuardDuty, Azure Defender for Cloud, GCP Security Command Center, WAF), Source control and pipeline security (e.g., GitHub Security features).
- Excellent verbal and written communication skills, with the ability to clearly articulate complex technical concepts to both technical and non-technical audiences.
- Demonstrated ability to manage multiple priorities and remain effective in a fast-paced, rapidly changing environment.
- Strong curiosity and commitment to continuous learning, with a desire to stay current on emerging cloud security threats, tools, and best practices.
Nice to Haves
- One or more current cloud provider certifications demonstrating advanced knowledge of cloud architecture and security, such as: AWS: Solutions Architect (Associate or Professional), Security – Specialty, Azure: Azure Fundamentals, Azure Solutions Architect Expert, GCP: Associate Cloud Engineer, Professional Cloud Security Engineer.
- Industry-recognized security certifications reflecting a strong security foundation, such as CISSP or CompTIA Security+.
- Hands-on experience with cloud security platforms and tooling, including CSPM/CNAPP solutions (e.g., Wiz), SIEM and observability tools (e.g., Splunk), and cloud risk or asset management platforms (e.g., Brinqa).
- Experience integrating security tooling and workflows with engineering collaboration platforms such as Slack, Jira, and CI/CD pipelines.
Pay Range
$133,140.00 - $247,260.00 salary per year.