Cloud Security Architect (337)

WSP is one of the worlds leading professional services firms operating in over 50 countries and employs approximately 75,000 professionals, known as Visioneers. Together they pioneer solutions and deliver innovative projects in the transportation, infrastructure, environment, building, energy, water, and mining and metals sectors.

Position Summary This role is a hands-on, senior individual contributor responsible for designing, building, and operating secure, scalable Azure platform capabilities, while enforcing enterprise guardrails and compliance requirements. The successful candidate will work in a consultative capacity, owning platform roadmaps and backlogs, responding to intake requests, and providing architectural guidance and sign-off. You will have a governance dotted line to the Corporate Security & Compliance team, ensuring alignment with enterprise security policy.

Main Responsibilities

Security Architecture Design Design and maintain the security architecture for the Digital Services Azure platform across all regions, including network segmentation, Private Endpoint strategy, and zero-trust network posture. Architect the controls that align with enterprise security, compliance, and operational standards. Define security patterns for vendor application teams: authentication flows, secrets management, API security, data-at-rest and data-in-transit encryption standards. Identify gaps, risks, and opportunities for improvement across Azure environments. Contribute to standards, patterns, and reference architectures.

Detection Engineering Design and govern detection engineering. Define the security telemetry strategy: what gets collected, where its stored, how long its retained, and how it aligns with regional data residency constraints (noting that security telemetry is centralised by design). Governance & Compliance Architecture Implement corporate security and compliance requirements within the Digital Services platform using policy-as-code (Azure Policy, custom initiatives) and automated evidence capture. Design the compliance evidence architecture so that audit readiness is a continuous state. Own security exception governance: assess exception requests, document risk acceptance, and ensure appropriate approval chains. Contribute to architecture decision records (ADRs) for all security-impacting design decisions.

Cross-Team Security Standards Define security architecture standards that apply horizontally across all Digital Services teams - platform engineering, vendor application development, and vendor DevOps. Review and approve vendor security patterns and access models. Work with the Development teams to embed security practices and controls. Serve as security escalation point for the platform engineering team during incidents.

Required Experience & Skills

• 5+ years of experience, including experience specializing in information security roles.
• Strong analytical skills with a keen eye for detail and accuracy.
• Experience designing security architecture for Azure-hosted platforms.
• Experience with Azure Landing Zones (CAF-aligned) / enterprise-scale reference architecture.
• Proven ability to translate regulatory and compliance requirements into enforceable technical architecture.
• Familiarity with zero-trust architecture principles applied to Azure deployments.
• Knowledge and experience using Microsoft security platforms, other vendor security systems are highly desirable.
• Knowledge about advanced security capabilities, including integrations with other systems.
• Prior participation in architecture review or governance forums.
• Strong written communication: you will author and review ADRs, security architecture documents, and pattern guides that vendor teams and corporate governance rely on.

If you don't meet every qualification, we still encourage you to apply.

Preferred Experience

• Experience working in a regulated SaaS environment with multi-region data residency requirements.
• Hands-on Infrastructure-as-Code experience.
• Experience working with third-party vendor development teams.

Skills / Competency / Other requirements

• Excellent written and spoken English.
• Ability to work independently with low-level supervision and in a global team distributed geographically.
• Strong organization skills (set priorities, meets deadlines, multiple simultaneous projects) and excellent documentation skills.
• Excellent analytical and diagnostic problem-solving skills with the ability of providing solutions to identified problems.
• Demonstrated experience in understanding, designing, delivering, and demonstrating compliance with information security requirements.
• Knowledge and experience in performing information security practices in the management and delivery of infrastructure and operations.
• Education: Bachelor's degree or equivalent experience in Information Technology, Computer Science, Engineering, or a related field.
• Advanced degrees or certifications are a plus but not required.

WSP Benefits:

• WSP provides a comprehensive suite of benefits focused on a providing health and financial stability throughout the employee's career. These benefits include coverage related to medical, dental, vision, disability, and life; retirement savings; paid sick leave; paid vacation (or other personal time); paid parental leave; and paid time off for purposes of bereavement, voting, and/or attendance at naturalization proceedings.

Compensation:

• Expected Salary (all locations): $86,100.00 - $150,590.00
• WSP USA is providing the compensation range that the company in good faith believes it might pay and offer for this position, based on the successful applicant's education, experience, knowledge, skills, abilities in addition to internal equity and specific geographic location. WSP USA reserves the right to ultimately pay more or less than the posted range and offer additional benefits and other compensation, depending on circumstances not related to an applicant's sex or other status protected by local, state, and/or federal law.

About WSP WSP USA is the U.S. operating company of WSP, one of the worlds leading engineering and professional services firms. Dedicated to serving local communities, we are engineers, planners, technical experts, strategic advisors and construction management professionals. WSP USA designs lasting solutions in the buildings, transportation, energy, water and environment markets. With more than 15,000 employees in over 300 offices across the U.S., we partner with our clients to help communities prosper. www.wsp.com

WSP provides a flexible and agile workplace model while meeting client needs. Employees are also afforded a comprehensive suite of benefits including medical, dental, vision, disability, life, and retirement savings focused on providing health and financial stability throughout the employee's career. At WSP, we want to give our employees the challenges they seek to grow their careers and knowledge base. Your daily contributions to your team will be essential in meeting client objectives, goals and challenges. Are you ready to get started?

WSP USA (and all of its U.S. companies) is an Equal Opportunity Employer. The selected candidate must be authorized to work in the United States.

NOTICE TO THIRD PARTY AGENCIES: WSP does not accept unsolicited resumes from recruiters, employment agencies, or other staffing services. Unsolicited resumes include any resume or hiring document sent to WSP in the absence of a signed Service Agreement where WSP has expressly requested recruitment/staffing services specific to the position at hand. Any unsolicited resumes, including those submitted to hiring managers or other business leaders, will become the property of WSP and WSP will have the right to hire that candidate without reservation - no fee or other compensation will be owed or paid to the recruiter, employment agency, or other staffing service.