Job Description:
Role Summary/Purpose:
Synchrony is seeking a Cloud Security Architect (Azure) to serve as a technical subject matter expert within the Security Architecture team, responsible for secure-by-design architecture across Azure and hybrid environments. This role focuses on defining reference architectures, configuration baselines, and scalable guardrails for Azure services, cloud infrastructure components, and container platforms (AKS). The architect will partner with platform, infrastructure, and application teams to translate security requirements into actionable designs and to operationalize controls through automation, IaC, and policy-as-code.
This is a technical individual contributor role emphasizing architecture rigor, hands-on depth in Azure security, high-quality documentation, and practical enablement of engineering teams through repeatable patterns.
Essential Responsibilities:
Define Azure cloud security architecture including secure landing zone patterns, reference architectures, and guardrails for shared services and workload teams.
Create and maintain configuration baselines and hardening standards for Azure services and foundational components (identity, networking, compute, storage, logging/monitoring).
Lead security architecture for AKS/containers and cluster ecosystems, including:
image and artifact security (scanning, provenance where applicable),
secrets management patterns,
runtime protections and cluster hardening,
network policies and workload isolation.
Establish secure patterns for infrastructure-as-code (Terraform/Bicep/ARM) and CI/CD pipelines, enabling policy-as-code, preventative controls, and shift-left security.
Perform architecture/design reviews, threat modeling, and risk assessments for cloud initiatives; document findings, recommendations, and required remediation actions.
Define practical approaches for exception handling and compensating controls aligned to enterprise standards.
Drive measurable cloud security posture improvements (baseline compliance, control coverage, drift detection, remediation SLAs) through actionable recommendations and automation.
Build and publish reusable templates, modules, and “golden configurations” that enable secure self-service (“paved road”) delivery.
Partner with Security Operations and platform teams to ensure cloud architectures support logging, monitoring, detection, and incident readiness.
Perform other duties and/or special projects as assigned.
Qualifications/Requirements:
7+ years of experience in security architecture/engineering with significant focus on cloud and hybrid environments.
Strong hands-on experience securing Microsoft Azure, including enterprise foundational services and common workload patterns.
Proven experience designing and operationalizing security configuration baselines and ensuring they remain enforced over time (e.g., Azure Policy, automation, drift detection).
Working knowledge of container/Kubernetes security (AKS or similar), including supply chain controls and runtime protections.
Strong understanding of security domains: IAM, network security, encryption/key management, logging/monitoring, vulnerability management, and incident readiness.
Ability to influence engineering outcomes through clear documentation, diagrams, reference architectures, and pragmatic guidance (without direct authority).
Ability and flexibility to travel for business as required
Desired Characteristics:
Experience with Azure-native security and governance services: Defender for Cloud, Azure Policy, Sentinel, Key Vault, Private Link, Entra ID security controls.
Strong IaC and automation skills: Terraform, Bicep/ARM; CI/CD integration; scripting/programming (Python, PowerShell, C#, or similar).
Experience translating security requirements into policy-as-code and automated governance patterns (preventative controls, continuous compliance reporting).
Familiarity with regulated environments and security control mapping (NIST/ISO/CIS, etc.).
Certifications (preferred): AZ-500, SC-100, CCSP, CISSP (or equivalent).
Azure, AKS/containers, Terraform, Bicep/ARM, Azure Policy, Defender for Cloud, Key Vault, Sentinel, CI/CD tooling (GitHub/Jenkins), scripting/programming, automation frameworks, Wiz, Qualys.
Grade/Level: 11
The salary range for this position is 115,000.00 - 200,000.00 USD Annual and is eligible for an annual bonus based on individual and company performance.
Actual compensation offered within the posted salary range will be based upon work experience, skill level or knowledge.
Salaries are adjusted according to market in CA, NY Metro and Seattle.
Eligibility Requirements:
You must be 18 years or older
You must have a high school diploma or equivalent
You must be willing to take a drug test, submit to a background investigation and submit fingerprints as part of the onboarding process
You must be able to satisfy the requirements of Section 19 of the Federal Deposit Insurance Act.
New hires (Level 4-7) must have 9 months of continuous service with the company before they are eligible to post on other roles. Once this new hire time in position requirement is met, the associate will have a minimum 6 months’ time in position before they can post for future non-exempt roles. Employees, level 8 or greater, must have at least 18 months’ time in position before they can post. All internal employees must consistently meet performance expectations and have approval from your manager to post (or the approval of your manager and HR if you don’t meet the time in position or performance expectations).
Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job opening. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Our Commitment:
When you join us, you’ll be part of an inclusive culture where your individual skills, experience, and voice are not only heard – but valued. Together, we’re building a future where we can all belong, connect, and turn ideals into action. More than 50% of our workforce is engaged in our Employee Resource Groups (ERGs), where community and passion intersect to offer a safe space to learn and grow.
This starts when you choose to apply for a role at Synchrony. We ensure all qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or veteran status. We’re proud to have an award-winning culture for all.
Reasonable Accommodation Notice:
Federal law requires employers to provide reasonable accommodation to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job or to perform your job. Examples of reasonable accommodation include making a change to the application process or work procedures, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment.
If you need special accommodations, please call our Career Support Line so that we can discuss your specific situation. We can be reached at 1-866-301-5627. Representatives are available from 8am – 5pm Monday to Friday, Central Standard Time
Job Family Group:
Information Technology