Description
ROLE: AWS Security Architect
REPORTS TO: VP of Technology
LOCATION: Hybrid / Corporate Office in Richmond Hill, Ontario
SALARY: $130,000 - $160,000; up to 10% discretionary incentive target*
THE OPPORTUNITY
We are seeking a Principal AWS Security Architect to join our team in a newly created, high-impact individual contributor role. This position is designed for a senior-level subject matter expert (SME) who brings both deep hands-on engineering capability and strategic architectural leadership.
You will lead the design and evolution of secure, scalable AWS environments within a complex, multi-tenant architecture, with a focus on maturing the environment and driving security improvements. This role will be instrumental in defining how security is consistently enforced, ensuring both flexibility and strong security posture at scale.
You will shape how security is embedded across infrastructure, platforms, applications, and data, with a focus on tenant-aware design, identity-centric controls, and scalable guardrails. This is an opportunity to define standards, influence platform direction, and build enterprise-grade cloud security capabilities from the ground up.
The ideal candidate is an excellent communicator who thrives in cloud-native, product-driven environments, partners closely with Engineering and Data teams, and brings a strong perspective on secure-by-design and tenant-aware architecture patterns. A background in software development or development-driven environments is also a strong asset.
KEY JOB RESPONSIBILITIES
- Define, own, and evolve the AWS cloud security architecture across complex, multi-account, multi-tenant environments, ensuring proper tenant isolation and secure shared services
- Design and implement scalable, tenant-aware security guardrails, controls, and landing zone frameworks
- Establish and maintain secure configuration baselines and policy enforcement that operate effectively across multiple tenants and environments
- Serve as the AWS security subject matter expert, providing both strategic direction and hands-on technical leadership in high-complexity environments
- Architect and implement secure multi-tenancy models, including isolation strategies (account, VPC, and application-level), segmentation, and boundary enforcement
- Partner with Infrastructure, Software Engineering, and Data Engineering teams to embed security into multi-tenant platforms and development workflows
- Drive identity-first security architecture, ensuring strong tenant-aware IAM design, least-privilege access, and federation strategies
- Integrate security into DevSecOps pipelines, supporting secure delivery of applications across tenants
- Contribute to and enhance security monitoring, detection, and incident response, including tenant-level visibility and response patterns
- Support security governance, compliance, and audit readiness, ensuring controls scale effectively across tenants without introducing operational friction
- Continuously evaluate and improve security posture in distributed, high-scale, multi-tenant cloud environments
CANDIDATE PROFILE
Required Qualifications:
- 7+ years of experience in cybersecurity, cloud security, or security engineering
- 4+ years of Architecture experience securing AWS environments at scale
- Proven experience designing and securing complex, multi-tenant cloud architectures, including tenant isolation and segmentation strategies
- Demonstrated ability to operate at both strategic architectural and hands-on engineering levels
- Excellent communicator, conversant in working across teams to drive security improvements and communicating complex information to senior leadership
- Deep expertise in AWS security services (IAM, Config, GuardDuty, Security Hub, CloudWatch)
- Strong experience designing tenant-aware identity and access management (IAM) models, ideally including Entra ID and OAuth expertise
- Experience with infrastructure as code (Terraform and/or AWS CloudFormation) in large-scale, multi-environment deployments
- Solid knowledge of cloud network security, including segmentation approaches for multi-tenant environments (VPCs, WAF, firewalls, VPNs)
- Experience securing CI/CD pipelines in shared or multi-tenant delivery environments
- Proven track record implementing secure baselines, guardrails, and policy-driven controls at scale
Preferred Qualifications:
- Experience with AWS Control Tower and multi-account landing zone architectures
- Experience designing secure multi-tenant platform patterns (SaaS or shared services models)
- Experience with Amazon Macie and data protection in multi-tenant contexts
- An understanding of securing Agentic AI deployments, ideally including Bedrock/AgentCore
- Familiarity with Microsoft security tooling (Sentinel, Defender XDR, Entra ID)
- Background in software development or engineering-led organizations (strong asset)
- Experience working in cloud-native, product-driven, or SaaS environments
- AWS Certified Security - Specialty
- CISSP or equivalent certification
*The base salary range is intended to reflect the role's base salary rate in locations throughout Canada. Salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, alignment with market data, and geographic location. The base salary range does not include any bonuses or benefits.
Work Authorization Requirement: Applicants must be legally authorized to work in Canada at the time of application and throughout employment. The company does not provide visa sponsorship for this role.