# Cybersecurity Architect - Cloud > Fuku · Kuala Lumpur, Malaysia · Full-time · Posted 2026-06-18 **Workplace:** on_site ## Description Key Responsibilities \- Provide overall technical direction for cybersecurity strategy and architecture across a hybrid on-premise and cloud landscape. \- Design and maintain the Group’s cloud security reference architecture for AWS and hybrid environments, including landing zones, network security, identity, data protection, and workload security. \- Define cloud security standards, guardrails, and policies aligned with frameworks such as NIST CSF, CIS Benchmarks, ISO 27001, and CSA Cloud Controls Matrix; ensure these are adopted across all cloud deployments. \- Architect identity and access management (IAM) solutions for hybrid environments, including Entra ID, conditional access, privileged identity management (PIM), and zero-trust architecture principles. \- Lead cloud security posture management (CSPM) strategy using tools such as Microsoft Defender for Cloud, AWS Security Hub, or third-party CSPM platforms; drive continuous compliance monitoring and remediation. \- Design secure network architectures for cloud environments, including micro-segmentation, WAF, DDoS protection, private endpoints, service endpoints, and hybrid connectivity security (ExpressRoute / Direct Connect / VPN). \- Provide security architecture guidance for SAP RISE / S/4HANA cloud migration, M365 tenant hardening, and cloud-native application development (containers, serverless, API security). \- Develop an AI agentic-first security review and vulnerability management pipeline to strengthen security posture while enabling automation. \- Define and operationalise cloud security monitoring, detection, and response capabilities, integrating cloud logs and alerts into the Group’s SIEM/SOAR platform. \- Collaborate with Infrastructure/Network Operations on secure cloud landing zone deployment, Infrastructure as Code (IaC) security (Terraform, ARM), and DevSecOps pipeline integration (SAST, DAST, SCA). \- Provide technical leadership on cloud data protection, including encryption at rest and in transit, key management (AWS KMS), DLP policies, and data classification enforcement. \- Stay current with emerging cloud threats, vulnerabilities, and attack techniques; advise leadership on evolving risk posture and recommend mitigation strategies. Qualifications & Requirements \- Bachelor’s degree in Computer Science, Cybersecurity, Information Security, or a related field; Master’s degree is an advantage. \- Minimum 8–12 years of experience in cybersecurity, with at least 4 years focused on cloud security architecture across AWS or multi-cloud environments. \- Deep hands-on expertise in AWS security services. \- Strong knowledge of zero-trust architecture, identity-centric security models, PAM/PIM, and modern authentication protocols (OAuth 2.0, SAML, OpenID Connect). \- Practical experience with cloud-native security tooling, including CSPM, CWPP, CNAPP, CASB, and cloud DLP solutions. \- Familiarity with securing SAP cloud environments (SAP RISE, BTP) and M365 security & compliance features (Purview, Defender for Office 365). \- Strong understanding of IaC security (Terraform, CloudFormation), container security (Kubernetes, Docker), and DevSecOps practices. Preferred Qualifications \- CISSP, CCSP, CCAK, or SABSA certification; AWS Certified Security – Specialty. \- Experience with regulatory compliance in multi-jurisdiction environments (PDPA, GDPR, SOX, industry-specific regulations). \- Background in securing OT/IT convergence environments or multi-industry conglomerates (manufacturing, plantations, FMCG, oil & gas). \- Experience with SIEM/SOAR platforms and threat intelligence integration. ## Apply [Apply at Fuku](https://apply.workable.com/fuku/j/DDFCE7F959/apply) --- Powered by [Workable](https://www.workable.com)