Principal AWS Cloud Security Consultant- Remote (Anywhere in the U.S.)

We are seeking a highly skilled Cloud Security Consultant with deep expertise in AWS to lead the design, assessment, and governance of secure cloud environments for our clients. This role is central to delivering security consulting engagements, including architecture design, risk assessments, compliance mapping, and cloud-native control implementation. The ideal candidate will combine technical excellence in AWS and multi-cloud platforms with strong client advisory skills, helping organizations enhance their security posture, implement scalable guardrails, and adopt modern DevSecOps and CNAPP practices. This position also involves mentoring junior staff, contributing to internal methodologies, and supporting pre-sales and solutioning efforts within a fast-growing consultancy environment.

Roles and Responsibilities:

• Provide oversight for delivery teams, ensuring quality, consistency, and alignment with client objectives while fostering knowledge transfer and consistent execution
• Manage and resolve client escalations, balancing client satisfaction with project scope and delivery constraints
• Present findings and recommendations to executive stakeholders, lead technical workshops, and facilitate security strategy sessions
• As an individual contributor, provide consulting services on customer engagements and deliver security outcomes. Tasks may include:
  • Design secure cloud architectures and reference models for AWS and multi-cloud environments
  • Conduct in-depth cloud security assessments to identify security misconfigurations, architecture and cloud operational risks, and compliance gaps
  • Assist clients with continuous compliance and audit readiness in cloud environments
  • Conduct AWS security workshops, technical interviews, and stakeholder briefings
  • Prepare and present client deliverables including security roadmaps, process improvements, gap analyses, architecture diagrams, cloud security strategies, and custom deliverables based on client needs
• Contribute to internal methodologies, templates, and reusable assessment frameworks
• Mentor junior consultants and support knowledge sharing within the consultancy
• Assist with scoping and pre-sales activities including proposals and statements of work (SOWs)
• Collaborate with internal pre-sales teams to identify use-cases and opportunities for third-party security tooling (e.g., CNAPP, secrets management, data security, cloud detection and response, NHI [Non-Human Identity], etc.)

Requirements:

Experience & Technical Proficiency

• Minimum of 5 years designing AWS architecture and operating AWS workloads at scale
• AWS knowledge must include networking, data security, identity and access management, automation, and extensive hands-on with Amazon’s cloud-native security tooling services
• Demonstrated knowledge of emerging security patterns and best practices for AI/ML workloads in AWS, including securing SageMaker environments, implementing guardrails for generative AI services (Bedrock), and applying data protection controls for model training and inference pipelines
• Strong knowledge of IAM patterns (RBAC, ABAC), federated access, permission boundaries, SCPs, and RCPs
• Proficiency in Infrastructure as Code (Terraform, CloudFormation, CDK) and secure coding practices
• Experience with CIEM, CSPM, or CWPP tools
• Familiarity with DevSecOps practices and integrating security into CI/CD pipelines
• Scripting and automation skills (e.g., Python, Bash, or PowerShell)
• Experience securing Kubernetes environments, including Amazon EKS and other managed Kubernetes platforms, with knowledge of pod security, RBAC, network policies, and container security best practices

Preferred:

• Minimum of 2 years of that experience must be as an internal IT/Security team member (not in a consulting capacity), demonstrating understanding of organizational ownership, operational realities, and internal stakeholder dynamics
• Working knowledge of the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM)
• Skilled in cloud infrastructure threat modeling, risk analysis, and mapping controls to frameworks (e.g., NIST, CIS, MITRE ATT&CK)

Leadership and Collaboration

• Ability to lead technical workshops, discovery sessions, and architecture reviews with clients
• Comfortable advising both technical and non-technical stakeholders on cloud security strategy
• Skilled in producing high-quality deliverables and communicating complex concepts clearly
• Experience mentoring junior staff or guiding cross-functional teams on cloud security best practices
• Collaborative mindset with a strong consulting presence and client service orientation

Education & Certifications

• Bachelor’s or equivalent experience in Cybersecurity, Computer Science, Engineering, or related field.
• Preferred certifications:
  • CISSP, CCSP, CCSK
  • AWS Cloud certifications: AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional
  • Other CSP Certifications: Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer
• Ongoing commitment to professional development and staying current with cloud and security trends and certifications.