Afarax is looking for a freelance Cloud Security Architect – Cloud Center of Excellence. We need you!
The project:
Our client in the Transportation, Logistics, Supply Chain and Storage sector is seeking an experienced Cloud Security Architect – Cloud Center of Excellence to strengthen their team.
Key responsibilities:
Cloud Security Architecture & Design
* Lead design and enforcement of secure architectures for AWS and Azure (multi-account, multi-subscription).
* Define and maintain end-to-end security blueprints: identity, network, encryption, logging, container runtime, secrets, WAF.
* Build reusable Terraform and Bicep modules with embedded controls (e.g., KMS, private endpoints, logging).
* Validate workload isolation (hub/spoke, VNET/NSG/NACL) and implement advanced network segmentation with Azure Firewall, AWS TGW, NAT Gateway, and PrivateLink.
Security-as-Code & DevSecOps
* Enforce policy-as-code using Azure Policy, OPA, and Service Control Policies (SCPs) for AWS Organizations.
* Integrate security controls into CI/CD pipelines (Azure DevOps, GitHub Actions) and runtime checks (Defender for Cloud, AWS Config).
* Drive shift-left security: IaC scanning (Checkov, tfsec), container scanning (Trivy, ECR/ACR policies), and workload attestation.
* Architect secure patterns for Kubernetes (AKS/EKS) with RBAC, Pod Security Policies, egress lockdown, and image signing.
Governance, Compliance & Risk
* Translate regulatory requirements (NIS2, ISO 27001, PCI DSS, DORA) into actionable cloud controls.
* Design and implement continuous compliance frameworks across cloud estates.
* Lead security architecture reviews, threat models, and risk assessments for new digital and modernization programs.
Advisory, Incident Support & Operational Maturity
* Act as senior escalation for cloud-related incidents; contribute to forensics and root cause analysis.
* Coach teams on secure architecture standards and support the SOC in tuning detections for cloud-native threats (MITRE ATT&CK for Cloud).
* Contribute to hardening playbooks, vulnerability remediation guides, and incident runbooks.
Is this you?
* 15+ years in IT/security, with 10+ years in cloud security architecture roles.
* Deep expertise in AWS and Azure security services (IAM, KMS, VPC/NSG/Security Groups, Defender, Security Hub, Sentinel, etc.).
* Hands-on with Terraform, Bicep, GitOps, container security, and policy automation.
* Demonstrated delivery of security frameworks at enterprise scale in regulated industries (finance, logistics, public sector).
Certifications (Required/Preferred)
Required (at least 2):
* AWS Certified Security – Specialty
* Microsoft Certified: Azure Security Engineer Associate (AZ-500)
* CISSP or CCSP
Preferred: TOGAF, SABSA, GIAC Cloud Security Certifications (GCLD, GCSA)
* Architecture mindset with a coder’s hands.
* Ability to speak both security and platform engineering fluently.
* Relentless focus on automation, detection, and resilient design.
* Strategic understanding of regulatory impact (NIS2/DORA) on cloud-native architectures.
How does Afarax support you?
* You benefit from our extensive network
* You will have access to projects that fit your expertise
* We help and support you throughout your project
* We offer the possibility to build a valuable and lasting partnership
Check out more projects on: https://afarax.be/jobs/type/freelance/