[Remote] Principal AWS Cloud Security Consultant - Remote (Anywhere in the U.S.)
Note: This is a remote job open to candidates in the USA.

GuidePoint Security is a rapidly growing cybersecurity firm that provides trusted expertise and solutions to organizations. They are seeking a highly skilled Cloud Security Consultant with deep expertise in AWS to lead the design, assessment, and governance of secure cloud environments for clients, ensuring quality and alignment with client objectives.

Responsibilities

- Provide oversight for delivery teams, ensuring quality, consistency, and alignment with client objectives while fostering knowledge transfer and consistent execution
- Manage and resolve client escalations, balancing client satisfaction with project scope and delivery constraints
- Present findings and recommendations to executive stakeholders, lead technical workshops, and facilitate security strategy sessions
- As an individual contributor, provide consulting services on customer engagements and deliver security outcomes. Tasks may include:
  - Design secure cloud architectures and reference models for AWS and multi-cloud environments
  - Conduct in-depth cloud security assessments to identify security misconfigurations, architecture and cloud operational risks, and compliance gaps
  - Assist clients with continuous compliance and audit readiness in cloud environments
  - Conduct AWS security workshops, technical interviews, and stakeholder briefings
  - Prepare and present client deliverables including security roadmaps, process improvements, gap analyses, architecture diagrams, cloud security strategies, and custom deliverables based on client needs
  - Contribute to internal methodologies, templates, and reusable assessment frameworks
  - Mentor junior consultants and support knowledge sharing within the consultancy
  - Assist with scoping and pre-sales activities including proposals and statements of work (SOWs)
  - Collaborate with internal pre-sales teams to identify use-cases and opportunities for third-party security tooling (e.g., CNAPP, secrets management, data security, cloud detection and response, NHI [Non-Human Identity], etc.)

Skills

- Minimum of 5 years designing AWS architecture and operating AWS workloads at scale
- AWS knowledge must include networking, data security, identity and access management, automation, and extensive hands-on with Amazon's cloud-native security tooling services
- Demonstrated knowledge of emerging security patterns and best practices for AI/ML workloads in AWS, including securing SageMaker environments, implementing guardrails for generative AI services (Bedrock), and applying data protection controls for model training and inference pipelines
- Strong knowledge of IAM patterns (RBAC, ABAC), federated access, permission boundaries, SCPs, and RCPs
- Proficiency in Infrastructure as Code (Terraform, CloudFormation, CDK) and secure coding practices
- Experience with CIEM, CSPM, or CWPP tools
- Familiarity with DevSecOps practices and integrating security into CI/CD pipelines
- Scripting and automation skills (e.g., Python, Bash, or PowerShell)
- Experience securing Kubernetes environments, including Amazon EKS and other managed Kubernetes platforms, with knowledge of pod security, RBAC, network policies, and container security best practices
- Ability to lead technical workshops, discovery sessions, and architecture reviews with clients
- Comfortable advising both technical and non-technical stakeholders on cloud security strategy
- Skilled in producing high-quality deliverables and communicating complex concepts clearly
- Experience mentoring junior staff or guiding cross-functional teams on cloud security best practices
- Collaborative mindset with a strong consulting presence and client service orientation
- Bachelor's or equivalent experience in Cybersecurity, Computer Science, Engineering, or related field
- Ongoing commitment to professional development and staying current with cloud and security trends and certifications
- Minimum of 2 years of that experience must be as an internal IT/Security team member (not in a consulting capacity), demonstrating understanding of organizational ownership, operational realities, and internal stakeholder dynamics
- Working knowledge of the Cloud Security Alliance (CSA) Cloud Control Matrix (CCM)
- Skilled in cloud infrastructure threat modeling, risk analysis, and mapping controls to frameworks (e.g., NIST, CIS, MITRE ATT&CK)
- Preferred certifications: CISSP, CCSP, CCSK
- AWS Cloud certifications: AWS Certified Security – Specialty, AWS Certified Solutions Architect – Professional
- Other CSP Certifications: Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer

Benefits

- Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
- Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family)) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employee's premiums and 75% for family plans (spouse/children/family)). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments ($850 per EE annually / $1750 per family annually; includes spouse/children/family options)
- Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
- 12 corporate holidays and a Flexible Time Off (FTO) program
- Healthy mobile phone and home internet allowance
- Eligibility for retirement plan after 2 months at open enrollment
- Pet Benefit Option

Company Overview

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations minimize risk. It was founded in 2011 and is headquartered in Reston, Virginia, USA, with a workforce of 1001-5000 employees. Its website is https://www.guidepointsecurity.com/.