Security Solutions Architect at Discovery Limited

Key Purpose

• The Cloud Security Architect is responsible for defining, governing, and guiding secure cloud architectures across the organisation, with Google Cloud Platform (GCP) as the primary strategic platform, while maintaining strong security and architectural oversight across AWS, Azure, and hybrid on-premises environments.
• The role combines security architecture ownership, cloud security consulting, and engineering oversight. Acting as a trusted technical advisor, the Cloud Security Architect supports teams in securing existing cloud platforms, leads the secure onboarding of new cloud environments, and ensures security is embedded by design across all cloud initiatives.
• The primary accountability is security architecture, design architect, and enablement, rather than day-to-day platform operations. Hands-on engagement is expected where required to validate designs, assess risk, and guide secure implementation.

Areas of responsibility may include but not limited

Cloud Security Architect

• Participate in development of information governance and privacy strategy in support of business objectives and arising risks with particular focus on information governance and privacy capabilities, operational and service excellence.  
• Define and own cloud security architecture standards.
• Design and review secure GCP, AWS and Azure landing zones, aligned to:
• Identity-driven security architectures with continuous access evaluation
• Granular, risk-based access controls and privilege management
• Enforcement of security controls through native cloud services, organisational policies, and approved reference architectures
• Act as design architect for GCP security architectures, ensuring consistency, scalability, and risk alignment.

Core Security Architecture & DevSecOps

• Define enterprise cloud security baselines aligned to ISO 27001, NIST CSF, and CIS Benchmarks.
• Guide Zero Trust architectures and security monitoring patterns.
• Provide architectural oversight for DevSecOps and secure software supply chains, including:
• Secure CI/CD patterns
• Automated security scanning and policy enforcement
• Container, workload, and artefact hardening
• Infrastructure-as-Code (IaC) architecture and practices

Multi-Cloud & Hybrid Security

• Apply cloud-agnostic security principles across GCP (primary), AWS, and Azure.
• Consult and guide security architectures for:
• Existing cloud environments
• New cloud onboarding initiatives
• New services to be deployed and activated in any of the clouds
• Define secure connectivity patterns between cloud platforms and on-premises environments.
• Support consolidation and rationalisation of cloud accounts, subscriptions, projects, and tenants.

Infrastructure-as-Code (IaC) Security & Governance

• Demonstrate strong IaC literacy, with the ability to read, understand, review, and assess IaC code (e.g. Terraform and cloud-native templates).
• Identify and remediate security risks, misconfigurations, and architectural gaps within IaC, ensuring alignment to security standards, secure baselines, least privilege, and Zero Trust principles.
• Support security and operations teams by reviewing and guiding IaC submissions from a security architecture perspective.

Identity, Platform & Data Security

• Define enterprise cloud identity architecture, including federation, workload identities, and privileged access models.
• Guide security architecture for Kubernetes, serverless platforms, and managed cloud services.
• Consult on standards for encryption, key management, secrets management, and data protection

Governance, Risk & Enablement

• Ensure cloud architectures are auditable, observable, and compliant with internal standards and external regulations.
• Participate in architecture risk reviews.
• Produce clear security architecture documentation.

Personal Attributes and Skills

• Strong security architecture mindset with practical cloud expertise
• Clear communicator with technical and non-technical stakeholders
• Pragmatic, risk-based, and delivery-focused
• Comfortable operating in complex, enterprise environments
• Ability to rapidly learn, adapt, and apply new concepts in a changing technical environment
• Passion for researching new technologies and exploring innovative security solutions

Qualifications & Experience

Essential 

• 10+ years’ experience in IT and/or Information Security
• 5+ years’ experience in cloud security architecture or engineering
• 2 years Layer 7 enterprise firewall experience
• Proven experience designing and governing enterprises, hybrid, and multi-cloud environments
• Experience operating in a consultative or advisory role within complex organisations

Required Technical Skills

• Strong experience with GCP, AWS and Azure, including IAM, networking, firewalling, and native security controls
• Deep understanding of:
• Identity and access management
• Network and platform security
• Data protection and encryption
• Infrastructure-as-Code and security-as-code concepts
• Consult on secure AI architectures

Certifications (Beneficial)

• Google Professional Cloud Security Engineer (highly desirable)
• Google Professional Cloud Architect
• AWS Professional Cloud Security Engineer
• AWS Professional Cloud Architect
• Azure Professional Cloud Security Engineer
• Azure Professional Cloud Architect
• CISSP, CCSP or equivalent