#328865-en_US
4 million products. For more information, visit https://www.grainger.com.
Compensation
The anticipated base pay compensation range for this position is $146,200.00 - $243,600.00. This role is eligible for an incentive target of up to 20 % or $ , based on the achievement of individual and company performance objectives in accordance with the current terms of the incentive program which are subject to change.
"This position is not eligible for any form of sponsorship now or in the future. Individuals requiring sponsorship (e.g. OPT or H1B visa status) should not apply. Only individuals authorized to work in the United States now and for the foreseeable future will be considered for this position."
Rewards and Benefits
With benefits starting on day one, our programs provide choice and flexibility to meet team members' individual needs, including:
Medical, dental, vision, and life insurance plans with coverage starting on day one of employment and 6 free sessions each year with a licensed therapist to support your emotional wellbeing.
18 paid time off (PTO) days annually for full-time employees (accrual prorated based on employment start date) and 6 company holidays per year.
6% company contribution to a 401(k) Retirement Savings Plan each pay period, no employee contribution required.
Employee discounts, tuition reimbursement, student loan refinancing and free access to financial counseling, education, and tools.
Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents.
For additional information and details regarding Grainger's benefits, please click on the link below:
https://experience100.ehr.com/grainger/Home/Tools-Resources/Key-Resources/New-Hire
The pay range provided above is not a guarantee of compensation. The range reflects the potential base pay for this role at the time of this posting based on the job grade for this position. Individual base pay compensation will depend, in part, on factors such as geographic work location and relevant experience and skills.
The anticipated compensation range described above is subject to change and the compensation ultimately paid may be higher or lower than the range described above.
Grainger reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion at any time, consistent with applicable law.
Position Details
The Information Security team protects all of Grainger, from our systems to our data across the global company. Our infrastructure is powered by cloud, on-premises, and SaaS platforms that keep Grainger, and our customers, working. We use modern tools and practices to stay ahead of evolving security challenges.
The mission of the Security Architecture team is to be the strategic security design partner for Grainger's technology. As the security architect responsible for Grainger's cloud platforms, you will be responsible for architecting, advising on, and governing a secure cloud infrastructure supporting business needs.
You will support the progressive needs of the business and provide timely, secure and cost-efficient solutions that elevate the company's cloud security posture. An advanced role, the cloud architect will deliver resilient architectures at scale to support business initiatives. The role requires deep technical knowledge of cloud computing architecture, security principles, and cybersecurity best practices. A cloud security architect is highly technical and proficient in cybersecurity and systems administration across a wide variety of infrastructure types (SaaS, IaaS, PaaS), with a strong understanding of cloud-native patterns including containerization, serverless, and infrastructure as code. A deep level of demonstrated experience with AWS is a requirement, with functional knowledge of Microsoft Azure and Google Cloud required.
In this individual contributor role, you will report to the Director of Cybersecurity Architecture and may be based remotely or at our offices in the Chicago area.
You will
Plan, research, and develop security architecture for cloud solutions (SaaS, PaaS, and IaaS), which may include custom in-house solutions and third-party solutions
Define strategies and roadmaps to support security and company technology goals
Communicate the state of cloud security posture to cybersecurity leaders, IT leaders, and other stakeholders through a thoughtful metrics and KPI-driven message
Develop, maintain, and enforce cloud security policies and procedures. Leverage best practices, standards, and baselines such as Cloud Security Alliance Cloud Controls Matrix (CCM), CIS Benchmarks, cloud provider Well-Architected Framework security pillars, and NIST SP 800-series
Work with teams to define requirements, evaluate architecture, analyze trade-offs, and recommend solutions
Create conceptual and logical architecture designs, including cloud security reference architectures and secure landing zone designs
Assess risks through threat modeling and white-boarding exercises with teams
Evaluate products and tools through Proof of Value exercises
Advise product teams on the security implications of their roadmaps
Partner with engineering teams, cloud platform teams, and other peer architecture teams to ensure security is embedded in technical decisions from design through implementation
Define and maintain cloud account/subscription governance, including organizational unit structure, service control policies, and permission boundaries
Design and advise on security architectures for CI/CD pipelines, including secrets management, IaC scanning, container image scanning, and artifact integrity
Architect cloud-native security monitoring and logging strategies, including integration with Grainger's SIEM/SOAR platform
Evaluate and mature cloud-native security tooling to support detection, prevention, and compliance objectives
Mentor peers and junior architects through design reviews, knowledge sharing, and technical leadership across the security architecture team
You have
5+ years of architecture experience, with at least 3 years focused on cloud environments
8+ years of information security experience
Bachelor's degree preferred or equivalent work experience
Deep expertise in designing cloud security architectures that support the business needs of large enterprises, with primary depth in AWS and functional proficiency in Microsoft Azure and Google Cloud
Proven experience with zero trust architecture principles, encryption and key management, web application firewalls, data protection, vulnerability management, API security, and Infrastructure as Code security (Terraform, CloudFormation, or equivalent)
Strong understanding of cloud IAM architecture, including AWS IAM policies, service control policies (SCPs), Azure Entra ID conditional access, and federated identity patterns
Experience with cloud-native security tooling, including CNAPP, CSPM, CWPP, and CIEM solutions
Working knowledge of container and Kubernetes security concepts, including image scanning, runtime protection, admission control, network policies, and RBAC
Familiarity with CI/CD pipeline security practices, including shift-left security integration, secrets management, SAST/DAST, and software supply chain security concepts (SBOM, artifact signing)
Familiarity with security frameworks and industry standards such as CIS Benchmarks, CSA CCM, NIST CSF, and cloud provider Well-Architected Frameworks
Working knowledge of AI/ML workload security, including securing data pipelines, model hosting infrastructure, and awareness of frameworks such as OWASP Top 10 for LLMs and MITRE ATLAS
Working technical knowledge within the network security space. Areas of familiarity should include SSE/SASE, SD-WAN, next-generation firewalls, enterprise routing and switching, microsegmentation, web application firewalls, and cloud-adjacent and edge compute
Design and communicate cloud security monitoring and logging architectures, including native cloud provider tools and SIEM/SOAR integration
Relevant certifications preferred: CISSP, CCSP, AWS Solutions Architect, or vendor-specific cloud security certifications (e.g., AWS Security Specialty/Network Specialty)
We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex (including pregnancy), national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, protected veteran status or any other protected characteristic under federal, state, or local law. We are proud to be an equal opportunity workplace.
We are committed to fostering an inclusive, accessible work environment that includes providing reasonable accommodations to individuals with disabilities during the application and hiring process as well as throughout the course of one's employment. Should you need a reasonable accommodation during the application and selection process, including, but not limited to, use of our website or any part of the application, interview, or hiring process, please advise us so that we can provide appropriate assistance.