Cloud Security Architect- Ministry Experience

Title: Cloud Security Architect- Ministry Experience

Location: Toronto, ON (Hybrid)

Type: Long Term Contract

Introduction:

Join a rock-solid organization as our client’s next Cloud Security Architect and sit at the center of projects that drives decisions. You’ll help one of Canada’s most trusted organizations work on the latest project, and be rewarded with great opportunities.

Key Responsibilities
• Lead end-to-end security design and architecture reviews for common cloud platforms (AWS, Azure, GCP) and major SaaS applications
• Develop and maintain secure-by-design reference architectures, patterns, and guidelines tailored to IaaS, PaaS, and SaaS deployments
• Perform threat modeling, risk assessments, and gap analyses to align solutions with internal security standards and regulatory requirements
• Define identity and access control strategies, including SSO, MFA, PKI, and least-privilege models
• Design various network and infrastructure security controls: e.g. network segmentation, security groups, firewalls, SASE, IPS/IDS
• Architect data protection solutions: encryption key management, Transparent Data Encryption, tokenization, DLP for cloud and SaaS data
• Integrate application and infrastructure logs into SIEM platforms (Splunk Cloud, Azure Sentinel) and design SOAR playbooks for automated response
• Collaborate with DevOps and engineering teams to embed security requirements in CI/CD pipelines, leveraging IaC tools
• Facilitate design workshops, governance gates, and architecture review boards; document decisions and action items
• Mentor junior architects and security engineers, sharing best practices and driving continuous improvement

Must Haves:

Core Security Technology Domains (45%)
• Cloud Security: Security arch and design with Cloud Platforms -(AWS, Azure)
• Identity & Access Management: SSO, MFA, PKI, identity federation (OAuth/OIDC, SAML)
• Infrastructure & Network Security: VCN/VNet/subnet design, firewalls, security groups, micro-segmentation, SASE patterns
• Data Protection: KMS/Vault key management, TDE, tokenization, DLP, data classification and discovery
• Application Security: Secure SDLC, container and serverless hardening, API gateway policies, WAF integration
• Security Operations & Visibility: SIEM ingestion pipelines, correlation searches, dashboards, SOAR automation, EDR tools

Agile Project Delivery (15%)
• Hands-on experience in Agile/Scrum environments: backlog management, user-story creation, sprint planning, retrospectives
• Embed security requirements and automated testing into CI/CD pipelines
• Facilitate cross-functional workshops (threat modeling, design sprints) to align SecOps, DevOps, and architecture teams

Architecture & Design Expertise (35%)
• Apply frameworks (TOGAF, NIST CSF, CIS Controls) to cloud and SaaS solutions
• Lead requirements gathering, conceptual, logical, and detailed design phases
• Provide engineering implementation support: IaC (Terraform, CloudFormation), configuration templates, logging-agent deployments
• Guide peers through design reviews, governance gates, and operational handovers

Public Sector & Regulatory Awareness (5%)
• Previous public-sector or regulated-industry experience is a plus
• Familiarity with mandates and standards (FIPPA, PHIPA, PCI DSS, AODA, ISO 27001)
• Embed audit trails, retention policies, and compliance checks into design artifacts

About Huntel Global:

Huntel Global is the specialized IT division of Drake International. Our mission is to connect talented IT professionals with organizations seeking the perfect fit for Contract, Temporary and Permanent opportunities.

Huntel Global is an equal opportunity employer and champions accessibility, inclusivity, and diversity in the workplace. We are committed to providing accommodations for applicants with disabilities throughout the recruitment process. If you require accommodation, please contact your Branch Representative at dlna-ontariohuntelglobal@na.drakeintl.com

Apply now—we look forward to meeting you!!!

Disclaimer: This job listing is published by the employer. We Are Hired Applications must be submitted via the official employer careers page using the "Apply" button below. We do not collect payments, application fees, or personal data from job seekers.