DevSecOps Cloud Solution Architect

Cloud Security Solution Architect to act as the subject matter expert regarding cloud security, and DevSecOps; providing guidance and recommendations to team members and senior leadership about their cloud security strategy.

Montreal, QC (hybrid)

Permanent, Full time

As a Cloud Application Solution Architect (CSA) - Security you will be responsible for driving divisions application security transformation into the cloud platforms. You will work with divisions to develop secure applications and software running on the cloud. You will help with secure design decisions, driving DevSecOps framework and governance and help guide other security engineers in this area. You will interface and lead in-depth technical security architecture discussions with Developers, Enterprise Security Architects, solution architects and potential external customers

Essential Functions:

• Act as subject matter expert regarding cloud security, DevSecOps and associated tools; providing guidance and recommendations to team members and senior leadership.
• Be defining, deploying and maintaining cloud application security standards and cloud security testing standards for Eaton Digital products
• Assist in driving the strategic direction of the DevSecOps Program framework through partnerships with engineering, operations, IT and the business
• Assist in defining KPIs for the Cloud Application Security and advance the Cloud Application Security Program maturity and DevSecOps program efficiencies.
• Define Threat modeling framework and risk analysis of cloud applications and back-end components and Perform Threat Modeling on complex Cloud application security.
• Identify and recommend compensating controls to reduce risk of specific vulnerabilities.
• Participate in the evaluation and selection of vendors, security tools, and risk reporting systems.
• Help build the DevSecOps capabilities across Eaton through Training and development of new course content
• Create thorough documentation of solutions and best practices, developing knowledge base for use by the team members
• Research industry trends and new technologies; implement new procedures as needed to improve cloud security infrastructure

Must have:

• 5+ years experience in cloud security, including secure SDLC practices, security and privacy by design architectures, threat modelling, secure by default configurations, supply chain security, and security hardening.
• 4+ years of experience in leading and deploying DevSecOps in Cloud applications.
• Experience working within Cloud environments, preferably Azure. Experience with AWS, GCP, and other clouds is a plus.
• Technical Certifications related to Cloud Security (e.g., Azure, Amazon Web Services, Google, security certifications) such as CCSP, OSCP, GPCS, GCPN, and GCSA.
• Experience implementing compliance frameworks such as CIS Benchmarks, CSA Cloud Controls Matrix (CCM 4.0) and/or NIST CSF.

Nice to have:

• Experience with Azure Security Center 
• Ability to read and write French
• Experience working in a Multi-national large-scale Enterprise
• Bachelors in Computer science, Cybersecurity, or a comparable degree from an accredited institution.
• Experience in designing a Zero Trust strategy and architecture.
• Experience in developing & deploying Governance Risk Compliance (GRC) technical strategies and security operations strategies.