The Cloud Security Pattern Architect provides expertise to assess and certify cloud services for secure use within the organization. The role is responsible for documenting approved security patterns and embedding them into the threat modelling platform. This work ensures that cloud services are consistently evaluated, aligned with security and compliance requirements, and supported by reusable patterns.
Roles & Responsibilities
- Evaluate cloud services against internal and external security requirements and control frameworks.
- Identify relevant threats, mitigations, and assurance evidence.
- Support the formal certification of services by producing assessment documentation.
- Develop security patterns for approved cloud services and configurations.
- Ensure each pattern includes defined threats, mitigations, and implementation guidance.
- Structure patterns for consistency, clarity, and ease of consumption.
- Model patterns in the threat modeling tool, for the target audience, maintaining data quality and traceability.
- Align threat and control mappings within the tool to the organization’s assurance framework.
- Work with architecture, security, and compliance teams to streamline service certification. • Review updates from cloud providers and revise patterns as required.
- Provide knowledge transfer and guidance on using patterns effectively.
- Prior work developing or maintaining threat libraries or security control mappings.
Required Qualifications
- Strong understanding of cloud security architectures across AWS, GCP, or Azure.
- Familiarity with application security and security control frameworks such as MITRE CAPEC and CWE, NIST 800-53, ISO 27001, or CIS Controls.
- Practical experience in threat modeling.
- Cloud security certifications (e.g., AWS Certified Security – Specialty, Azure Security Engineer Associate).