Senior Cloud Security Architect- Cleveland, OH, Austin, TX or Atlanta, GA
About the role
OEC provides software solutions to those who work in the automotive parts and repair industry. Our solutions make it easier for automotive industry professionals to buy and sell parts, conduct repair research & planning, optimize estimates, improve the parts supply chain, and more. OEC partners with many of the world’s largest manufacturers, dealers and suppliers, shops and repairers, and service providers, giving our customers access to a comprehensive network and a streamlined workflow.
Responsibilities
- Design secure reference architectures and reusable security patterns for AWS workloads, including identity, networking, encryption, logging, monitoring, and secrets management.
- Implement and operate enterprise AWS guardrails using Organizations, Control Tower, SCPs, AWS Config (managed and custom rules), Security Hub, GuardDuty, Detective, Macie, WAF/Shield, and AWS Network Firewall.
- Apply least-privilege IAM using roles, permission boundaries, session policies, IAM Identity Center, SAML/OIDC federation, and ABAC/RBAC where appropriate.
- Use IAM Access Analyzer and automated validation to identify and reduce risk.
- Design secure VPC architectures, including subnet strategy, private endpoints, NAT and egress controls, Transit Gateway, Route 53, DNS Firewall, centralized ingress/egress, and service-to-service authentication.
- Establish detection-as-code and telemetry standards using CloudTrail, VPC Flow Logs, Route 53, RDS, ALB/NLB, and S3 access logs; integrate detections with SIEM/SOAR platforms.
- Support incident response through detections, playbooks, and tabletop exercises.
- Review designs, provide architectural guidance, and produce clear documentation and runbooks.
Requirements
Candidates must personally complete all interviews and technical assessments. The use of proxies or third-party representatives during any stage of the hiring process is prohibited and will result in disqualification. Final candidates will be required to participate in at least one in-person interview. Some travel for this role is expected. Reasonable accommodations will be provided in accordance with applicable laws.
Qualifications
- Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or a related field required.
- Equivalent, directly relevant experience may be considered in lieu of a degree.
Skills
- Hands-on expertise with AWS security services and controls, including Organizations, Control Tower, IAM/IAM Identity Center, KMS, Security Hub, GuardDuty, Detective, Macie, WAF/Shield, AWS Network Firewall, CloudTrail, Config, CloudWatch, VPC, Route 53, ECS, and Secrets Manager/Parameter Store.
- Strong background in cloud identity and Zero Trust patterns, including workload identity, JIT access, break-glass design, and ABAC where appropriate.
- Experience securing data at scale, including classification, DLP, tokenization, and access governance.
- Deep understanding of networking and isolation patterns, including multi-region architectures, hybrid connectivity, egress controls, private endpoints, and service-to-service authentication.
- Proficiency with infrastructure-as-code and automation tools (Terraform, Python/Bash, policy-as-code).
- Experience with container and serverless security, including ECS hardening, image attestations, runtime controls, and least-privilege Lambda patterns.
- Detection engineering experience, including logging strategies, detections-as-code, and SIEM/SOAR integration.
- Familiarity with incident response and security investigations.
- Strong governance, risk, and compliance knowledge with the ability to map controls to CIS, NIST, ISO, PCI, and HIPAA frameworks (as applicable).
Benefits
- Full benefits starting Day 1: Medical, Dental, and Vision
- 401(k) with company match
- Unlimited Flex Time Off plus 10 company-paid holidays
- Remote-first role with monthly communication stipend
- Professional development programs, tuition assistance, and quarterly book program
- Free wellness coaching and pet insurance
- Home office equipment stipend
Schedule
Full-time position with occasional travel for key initiatives.
Pay
Competitive salary commensurate with experience.
Company Information
OEC is an Equal Opportunity/ Affirmative Action employer. We provide equal employment opportunities to all qualified employees and applicants for employment without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, veteran status, disability or any other legally protected status. We prohibit discrimination in decisions concerning recruitment, hiring, compensation, benefits, training, termination, promotions, or any other condition of employment or career development.
OEConnection Information
We provide equal employment opportunities to all qualified employees and applicants for employment without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, veteran status, disability or any other legally protected status. We prohibit discrimination in decisions concerning recruitment, hiring, compensation, benefits, training, termination, promotions, or any other condition of employment or career development.