Senior Cybersecurity Architect
Role details
Job location
Tech stack
Job description
- The Enterprise Cyber Security Solution Architect is responsible for designing, maturing, and governing enterprise-wide cybersecurity solutions that protect critical information assets and infrastructure.
- This role serves as a solution architect and technical authority, defining future-state architectures, security standards, and multi-year roadmaps, while partnering with engineering teams, system integrators, and Managed Security Service providers (MSS) for execution and operations.
- The position provides architectural leadership across:
- Identity & Access Management (IAM/IGA)
- Privileged Access Management (PAM)
- Data Loss Prevention (DLP)
- Application Security
- Public Key Infrastructure (PKI)
- Note: This is an architecture-focused role and does not involve hands-on implementation or day-to-day administration., Identity Management & Identity Governance (IAM / IGA) - 35%
- Define and maintain IAM/IGA reference architectures, standards, and roadmaps aligned with Zero Trust and least privilege principles
- Provide architecture leadership for Microsoft Entra ID (passwordless authentication, Conditional Access, SSO, identity federation)
- Architect and mature Saviynt IGA capabilities (RBAC, role catalog, entitlement management, access certifications)
- Design identity controls to mitigate BYOD risk using Conditional Access and device trust strategies
- Lead integrations with enterprise platforms (e.g., PAM tools, ITSM, ERP systems)
- Govern non-human/workload identities in coordination with IAM and PAM platforms
Privileged Access Management (PAM - CyberArk) - 25%
- Serve as the enterprise PAM solution architect and design authority
- Define and lead the PAM maturity roadmap (pilot * enterprise rollout * MSS transition)
- Architect advanced capabilities including:
- Privileged session recording
- Secure credential access
- Just-in-time (JIT) provisioning
- Privilege reduction strategies
- Establish PAM architectures across on-prem, cloud, hybrid, and distributed environments
- Provide governance oversight to ensure scalable, secure, and compliant implementations
Data Loss Prevention (DLP - Microsoft Purview) - 15%
- Lead architecture for enterprise DLP capabilities
- Define data classification, labeling, and protection strategies across:
- Endpoints
- Cloud platforms
- Data at rest
- Align DLP with IAM, Conditional Access, and data governance requirements
- Partner with Legal, Compliance, and Risk teams to meet regulatory and privacy standards
Application Security (Architecture & Secure SDLC) - 15%
- Define secure application architectures and secure coding standards
- Integrate security into the Software Development Lifecycle (SDLC)
- Provide guidance on authentication, authorization, and secure data handling
- Support security architecture reviews and risk assessments for critical systems
PKI & Certificate Management - 5%
- Provide governance for PKI and certificate lifecycle management
- Define standards for certificate issuance, renewal, revocation, and automation
- Support certificate-based authentication and passwordless initiatives
Cyber Defense & Security Governance - 5%
- Contribute to architecture and governance of threat detection and response capabilities
- Support development of security standards, policies, and control frameworks
- Act as a trusted advisor in security architecture and enterprise risk discussions
Relationships
Internal:Information Security, Enterprise Architecture, IAM/IGA teams, Application Development, Infrastructure, Cloud, Risk, Compliance, Audit, Executive Leadership
External:System Integrators, Security Vendors, Managed Security Service Providers, Auditors, Industry Partners
Requirements
Do you have experience in PKI?, Do you have a Bachelor's degree?, * Bachelor's degree in Cybersecurity, Computer Science, Engineering, or related field (or equivalent experience)
- 8+ years of cybersecurity or IT experience with strong architecture exposure
- Demonstrated expertise across IAM/IGA, PAM, DLP, Application Security, and PKI
- Strong communication, documentation, and strategic planning skills
Certifications
Required:
- Two cybersecurity certifications (or ability to obtain within 1 year) from recognized vendors (e.g., (ISC)², GIAC, ISACA, CompTIA, EC-Council)
Preferred:
- ITIL v3
- Certifications such as: CISSP, CISM, CISA, CRISC, CEH, GIAC, OSCP, SSCP (or similar), * 8+ years of experience in cybersecurity or IT, including:
- Security architecture
- Risk analysis and security assessments
- Systems or infrastructure security
- Data protection (DLP/FIM)
Knowledge, Skills & Abilities
- Expert-level understanding of cybersecurity architecture and best practices
- Strong knowledge of:
- Threat landscape, vulnerabilities, and risk management
- IAM, data protection, application, and infrastructure security
- Enterprise architecture frameworks and models
- Security frameworks (e.g., NIST, ISO 27001)
- Experience with:
- SIEM, IDS/IPS, endpoint protection, and threat intelligence tools
- Risk assessments and vulnerability analysis
- Strong analytical, problem-solving, and communication skills
- Ability to work across technical and non-technical stakeholders
- Adaptability to evolving technologies, threats, and regulatory requirements
Benefits & conditions
3.63.6 out of 5 stars Lutz, FL 33548 Hybrid work Up to $70 an hour - Contract, * Standard office environment
- Occasional after-hours, weekend work, and on-call participation
Physical Requirements
- Standard office-related physical demands