Cloud Security and Governance Architect

1. At least 4 years of experience with cloud-based technologies like AWS and knowledge of potential security risks involved in workload transitions from on-premises to cloud.

2. At least 5 years of previous client facing, and security advisory experience.

3. At least 4 years of experience with enterprise security solution design and implementation skills covering Identity and Access Management (IAM), Infrastructure security (network & endpoint), privacy and data security application security.

4. At least 4 years of experience working with multiple AWS accounts and several VPCs in each account and managing the monitoring of security settings at an enterprise level.

5. University degree in Computer Science or equivalent experience with security technologies. Client may request a copy of the degree.

Desirable Technical Qualifications:

1. Serve as the subject matter expert (SME) on Cloud Security.

2. Provide specific guidance regarding security requirements and mitigations for securing business use cases with defense in depth.

3. Create secure design patterns and libraries for cloud applications in AWS, Azure, GCP in areas such as data protection, key management, authentication, and authorization.

4. Act as a lead advocate on security related subjects having to do with AWS, public cloud, virtualization, container technologies, infrastructure transformation, networking, and/or data center operations.

5. IT security (e.g., CISSP) or Cloud Security-related certifications (e.g., vendor neutral (CCSK, Certified Cloud Professional/Architect) or Cloud vendor certification (VMware VCP, AWS Certified Solutions Architect, Google, IBM).

6. Clear understanding of Customer Requirements, Security Risk, Threat Analysis must understand the IT regulatory control structures.

7. Understanding of industry regulatory and compliance requirements like FedRAMP, PCI-DSS, NIST, HIPAA.

8. CCSP (Certified Cloud Security Professional) and/or security certifications, such as CISSP, CISA, CRISC, CISM, and AWS Certified Security Specialist. Client may request a copy of the certifications.

9. IT security (e.g., CISSP) or Cloud Security-related certifications (e.g., vendor neutral (CCSK, Certified Cloud Professional/Architect) or Cloud vendor certification (VMware VCP, AWS Certified Solutions Architect, Google, IBM). CalSTRS may request a copy of the certifications.

10. Experience deploying automated AWS infrastructure using AWS CloudFormation, AWS Python SDK, Control Tower, AWS Config and AWS Organizations (Service Control Policies).