Immediate Hiring | Remote in Canada | Contract/Fulltime

About the job:

Title: Principal AWS Security Architect
Start Date: Immediately
Position Type: Contract/Full Time
Location: Remote across Canada

Job Description: Principal AWS Security Architect

Role Overview

The Principal AWS Security Architect will be the strategic lead for our cloud security posture, with a specialized focus on highly regulated workloads. You will architect and govern a "secure-by-default" ecosystem that aligns with Federal (FedRAMP/NIST) and Healthcare (HIPAA/HITRUST) standards. You are responsible for ensuring that all innovations in AI/ML and Data services are built on a foundation of absolute privacy and automated compliance.

Core Responsibilities

1. Regulatory Architecture (HIPAA, HITRUST, FedRAMP)

Healthcare Compliance: Design architectures that strictly adhere to HIPAA Security and Privacy Rules; manage the implementation of technical safeguards for ePHI across the full AWS stack.
HITRUST Certification: Lead the technical readiness for HITRUST CSF assessments, leveraging the AWS Shared Responsibility Model and Inheritance program to accelerate certification.
Federal Standards: Align cloud infrastructure with FedRAMP (High/Moderate) and NIST SP 800-53 controls, ensuring all "Customer Responsibility" layers are fully documented and audited.
Audit Automation: Utilize AWS Audit Manager to create automated evidence-collection frameworks for recurring compliance cycles.

2. Threat Modeling & Adversarial Defense (MITRE ATT&CK)

Adversarial Mapping: Map detective controls and AWS Security Hub findings to the MITRE ATT&CK Cloud Matrix to identify and close defensive gaps.
TTP Detection: Design custom EventBridge and GuardDuty alerts to detect specific Tactics, Techniques, and Procedures (TTPs) such as lateral movement or data exfiltration.

3. Modern Compute & Supply Chain Security

Container Hardening: Secure EKS/ECS/Fargate environments using Pod Security Standards, image signing (Notation), and GuardDuty Runtime Monitoring.
Serverless Security: Architect secure Lambda patterns, including execution isolation, environment variable encryption (KMS), and API Gateway protection via AWS WAF.
Vulnerability Lifecycle: Implement Amazon Inspector for continuous vulnerability management across EC2, Containers, and Lambda, prioritizing remediation based on contextual risk.

4. Governance & Zero Trust Architecture

Landing Zone Security: Enforce global guardrails via Service Control Policies (SCPs), AWS Organizations, and VPC Service Controls.
Identity & Access: Design sophisticated IAM policies and IdP integrations (Okta/Azure AD) using Least Privilege and Zero Trust (AWS Verified Access) principles.
Automated Remediation: Build "Self-Healing" workflows using Systems Manager (SSM) to automatically quarantine compromised assets and revoke leaked credentials in real time.