À propos
LAKE FOREST, IL, US, 60045-5202
Work Location Type:
Hybrid
Compensation
The anticipated base pay compensation range for this position is $146,200.00 – $243,600.00. This role is eligible for an incentive target up to 20% based on achievement of individual and company performance objectives in accordance with the current terms of the incentive program.
Eligibility
This position is not eligible for any form of sponsorship now or in the future. Individuals requiring sponsorship (e.g., OPT or H1B visa status) should not apply. Only individuals authorized to work in the United States now and for the foreseeable future will be considered for this position.
Rewards and Benefits
Medical, dental, vision, and life insurance plans with coverage starting on day one of employment and 6 free sessions each year with a licensed therapist to support your emotional wellbeing.
18 paid time off (PTO) days annually for full-time employees (accrual prorated based on employment start date) and 6 company holidays per year.
6% company contribution to a 401(k) Retirement Savings Plan each pay period, no employee contribution required.
Employee discounts, tuition reimbursement, student loan refinancing and free access to financial counseling, education, and tools.
Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents.
The Information Security team protects all of Grainger, from our systems to our data across the global company. Our infrastructure is powered by cloud, on-premises, and SaaS platforms that keep Grainger, and our customers, working. We use modern tools and practices to stay ahead of evolving security challenges.
The mission of the Security Architecture team is to be the strategic security design partner for Grainger’s technology. As the security architect responsible for Grainger’s cloud platforms, you will be responsible for architecting, advising on, and governing a secure cloud infrastructure supporting business needs. You will support the progressive needs of the business and provide timely, secure and cost-efficient solutions that elevate the company’s cloud security posture. An advanced role, the cloud architect will deliver resilient architectures at scale to support business initiatives. The role requires deep technical knowledge of cloud computing architecture, security principles, and cybersecurity best practices. A cloud security architect is highly technical and proficient in cybersecurity and systems administration across a wide variety of infrastructure types (SaaS, IaaS, PaaS), with a strong understanding of cloud-native patterns including containerization, serverless, and infrastructure as code. A deep level of demonstrated experience with AWS is a requirement, with functional knowledge of Microsoft Azure and Google Cloud required.
In this individual contributor role, you will report to the Director of Cybersecurity Architecture and may be based remotely or at our offices in the Chicago area.
You Will
Plan, research, and develop security architecture for cloud solutions (SaaS, PaaS, and IaaS), which may include custom in-house solutions and third‑party solutions.
Define strategies and roadmaps to support security and company technology goals.
Communicate the state of cloud security posture to cybersecurity leaders, IT leaders, and other stakeholders through a thoughtful metrics and KPI‑driven message.
Develop, maintain, and enforce cloud security policies and procedures. Leverage best practices, standards, and baselines such as Cloud Security Alliance Cloud Controls Matrix (CCM), CIS Benchmarks, cloud provider Well‑Architected Framework security pillars, and NIST SP 800‑series.
Work with teams to define requirements, evaluate architecture, analyze trade‑offs, and recommend solutions.
Create conceptual and logical architecture designs, including cloud security reference architectures and secure landing zone designs.
Assess risks through threat modeling and white‑boarding exercises with teams.
Evaluate products and tools through Proof of Value exercises.
Advise product teams on the security implications of their roadmaps.
Partner with engineering teams, cloud platform teams, and other peer architecture teams to ensure security is embedded in technical decisions from design through implementation.
Define and maintain cloud account/subscription governance, including organizational unit structure, service control policies, and permission boundaries.
Design and advise on security architectures for CI/CD pipelines, including secrets management, IaC scanning, container image scanning, and artifact integrity.
Architect cloud‑native security monitoring and logging strategies, including integration with Grainger’s SIEM/SOAR platform.
Evaluate and mature cloud‑native security tooling to support detection, prevention, and compliance objectives.
Mentor peers and junior architects through design reviews, knowledge sharing, and technical leadership across the security architecture team.
You Have
5+ years of architecture experience, with at least 3 years focused on cloud environments.
8+ years of information security experience.
Bachelor's degree preferred or equivalent work experience.
Deep expertise in designing cloud security architectures that support the business needs of large enterprises, with primary depth in AWS and functional proficiency in Microsoft Azure and Google Cloud.
Proven experience with zero‑trust architecture principles, encryption and key management, web application firewalls, data protection, vulnerability management, API security, and Infrastructure as Code security (Terraform, CloudFormation, or equivalent).
Strong understanding of cloud IAM architecture, including AWS IAM policies, service control policies (SCPs), Azure Entra ID conditional access, and federated identity patterns.
Experience with cloud‑native security tooling, including CNAPP, CSPM, CWPP, and CIEM solutions.
Working knowledge of container and Kubernetes security concepts, including image scanning, runtime protection, admission control, network policies, and RBAC.
Familiarity with CI/CD pipeline security practices, including shift‑left security integration, secrets management, SAST/DAST, and software supply chain security concepts (SBOM, artifact signing).
Familiarity with security frameworks and industry standards such as CIS Benchmarks, CSA CCM, NIST CSF, and cloud provider Well‑Architected Frameworks.
Working technical knowledge within the network security space. Areas of familiarity should include SSE/SASE, SD‑WAN, next‑generation firewalls, enterprise routing and switching, microsegmentation, web application firewalls, and cloud‑adjacent and edge compute.
Design and communicate cloud security monitoring and logging architectures, including native cloud provider tools and SIEM/SOAR integration.
Relevant certifications preferred: CISSP, CCSP, AWS Solutions Architect, or vendor‑specific cloud security certifications (e.g., AWS Security Specialty/Network Specialty).
We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex (including pregnancy), national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, protected veteran status or any other protected characteristic under federal, state, or local law. We are proud to be an equal opportunity workplace.
We are committed to fostering an inclusive, accessible work environment that includes providing reasonable accommodations to individuals with disabilities during the application and hiring process as well as throughout the course of one’s employment. If you need a reasonable accommodation during the application and selection process, including, but not limited to use of our website, any part of the application, interview or hiring process, please advise us so that we can provide appropriate assistance.
#J-18808-Ljbffr
Compétences linguistiques
- English
Avis aux utilisateurs
Cette offre provient d’une plateforme partenaire de TieTalent. Cliquez sur « Postuler maintenant » pour soumettre votre candidature directement sur leur site.