Cloud Security Architect

Job description

**Please read before submitting application:
This role sits 100% on-site in Denver, CO or Chicago, IL.

Mon-Friday, traditional hours.

Applicants must be within a commutable distance, or be willing to relocate to one of these locations.

This contract is slated for 6 months, with the possibility of extension and/or conversion to FTE.

No guarantees.

We can support candidates eligible to work directly on W2 without W2 sponsorship.**
Description
We are looking for a Cloud Security Technology Engineer to join an exciting team within Global Information Security (GIS) to support a large Financial Services Cleint in either Denver, CO or Chicago, IL.

Cyber Security Technology (CST) is a globally distributed team responsible for cyber security innovation and architecture, engineering, solutions and capabilities development, cyber resiliency, access management engineering, data strategy, deployment maintenance, technical project management and information technology security control support.
Teammates in this role deliver moderately complex tools and systems that mitigate the risk of malicious cyber-attacks.

Individuals in this role contribute to the protection of system boundaries, keeping computer systems and network devices hardened against attacks and secure sensitive data.

It is important that those in this role actively create and nurture partnerships with peer teams and identify opportunities for cross-team collaboration.

Individuals in this role operate within a structured environment with some oversight but are eager to take initiative and tackle complex problems within one or more security engineering domains.

This role may mentor one or more junior team members.

They typically have 3–5 years of experience in information security technology.
Candidates MUST have:
1) Experience with AWS OPA (Open Policy Agent) is a must and then if they have the other AWS services like SCP, SecurityHub, Config, EventBridge and SSM is a plus.

Need to have used or written RGOs for these OPA rules.
2) Broad knowledge of information cloud security technologies, techniques and processes and excitement to grow that knowledge within one or more security-engineering domains.
- Experience identifying, defining, documenting and implementing security system requirements for AWS or Azure.

Focus will be on preventative, detective and auto-remediating controls.
- Develop and execute test plans and produce quantitative results.
- Drive complex technical information security projects to ensure on-time delivery.
- Identify and raise risks or potential vulnerabilities at all stages of the security- engineering process.
- Contribute to existing test suites (integration, regression, and performance), analyze test reports, identify any test issues/errors, and triage the underlying cause.
- Document and communicate required information for deployment, maintenance, support, and business functionality.
- Identify gaps in information security standards adherence and work with appropriate partners to develop plans to close gaps.
3) Experience with policy as code, CSPM, cloud/SaaS security management is helpful.

Writing RGOs as this is the language we are writing these OPA rules
Primary Level of Engagement:
Works as a senior contributing member of an initiative, under supervision of an engineering lead.
Key Responsibilities:
• Identify, define and document and implement security system requirements for AWS and other cloud service providers.

Focus will be on preventative, detective and auto-remediating controls.
• Develop and execute test plans and produce quantitative results.
• Leverage broad knowledge of information security technologies, techniques and processes and prepare to grow that knowledge within one or more security engineering domains.
• Drive complex technical information security projects to ensure on-time delivery.
• Identify and raise risks or potential vulnerabilities at all stages of the security- engineering process.
• Think outside the box to develop multiple solutions to complex problems.
• Work closely with a diverse set of stakeholders with varying priorities to debate and negotiate paths forward.
• Contribute to existing test suites (integration, regression, and performance), analyze test reports, identify any test issues/errors, and triage the underlying cause.
• Document and communicate required information for deployment, maintenance, support, and business functionality.
• Identify gaps in information security standards adherence and work with appropriate partners to develop plans to close gaps.
**Additional Info.

In this role you will:
- Read documents that are poorly written and figure out what this really means and what logic is needed to write in that RGO.
- Looking to do PaC in AWS, that is number 1 right now, then will including detective controls, SCP controls in a CSPM role, detective in the security hub and eventbridge it will be set up and hook up to automatically remediated,
- GIS specific Controls for anybody using AWS from the bank, been using it without controls and get those in place, you need to be secured if you are going to the cloud, this is to secure what we are putting into the cloud, build logging for AWS, secure the banks presence in the cloud
- Will engineer -and maintain this, not just build it and walk away, these rules require maintenance as the AWS services will change over time and change things
Terraform - IaC language to deploy out to the cloud
Additional Skills & Qualifications
• Experience at a financial institution is a plus.
• Ability to communicate (verbal and written) across all levels of the organization, from technical experts to senior executives.

Comfortable working with distributed team members using video conferencing, instant messaging, telephone calls, etc.
• Strong attention to detail, confident enough to raise questions and identify issues.
• Enjoys trouble shooting and puzzle solving.
We reserve the right to pay above or below the posted wage based on factors unrelated to sex, race, or any other protected classification.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment.

Benefits are subject to change and may be subject to specific elections, plan, or program terms.

This temporary role may be eligible for the following:

+ Medical, dental & vision

+ 401(k)/Roth

+ Insurance (Basic/Supplemental Life & AD&D)

+ Short and long-term disability

+ Health & Dependent Care Spending Accounts (HSA & DCFSA)

+ Transportation benefits

+ Employee Assistance Program

+ Time Off/Leave (PTO, Vacation or Sick Leave)


Pay and Benefits
The pay range for this position is $92.96 - $92.96/hr.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment.

Benefits are subject to change and may be subject to specific elections, plan, or program terms.

If eligible, the benefits available for this temporary role may include the following:
• Medical, dental & vision • Critical Illness, Accident, and Hospital • 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available • Life Insurance (Voluntary Life & AD&D for the employee and dependents) • Short and long-term disability • Health Spending Account (HSA) • Transportation benefits • Employee Assistance Program • Time Off/Leave (PTO, Vacation or Sick Leave)
Workplace Type
This is a fully onsite position in Denver,CO.
Application Deadline
This position is anticipated to close on Oct 28, 2025.
h4>About TEKsystems:
We're partners in transformation.

We help clients activate ideas and solutions to take advantage of a new world of opportunity.

We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia.

As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change.

That's the power of true partnership.

TEKsystems is an Allegis Group company.



The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
About TEKsystems and TEKsystems Global Services
We’re a leading provider of business and technology services.

We accelerate business transformation for our customers.

Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions.

We’re a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed.

We’re strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology.

We’re building tomorrow by delivering business outcomes and making positive impacts in our global communities.

TEKsystems and TEKsystems Global Services are Allegis Group companies.

Learn more at TEKsystems.com.

The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.

Required Skill Profession

Other General