Senior Enterprise Security Architect & Automation Engineer
Role details
Job location
Tech stack
Job description
The Senior Enterprise Security Architect and Automation Engineer (SSAE) serves as a senior technical leader within the Office of Information Security and is responsible for advancing the technical maturity of SBA's enterprise security architecture, security engineering capabilities, and security automation program. The incumbent evaluates enterprise systems, infrastructure, cloud services, applications, data flows, and software delivery pipelines to identify architectural weaknesses, control gaps, integration opportunities, and operational inefficiencies. The role designs, implements, and continuously improves security technologies, automation workflows, and engineering processes that strengthen prevention, detection, response, resilience, and secure adoption of emerging technologies, including AI-enabled operations.
The incumbent works closely with Information Technology, application owners, infrastructure teams, development resources, vendors, and internal stakeholders to define secure architecture patterns, embed security into technology workflows, improve remediation velocity, and enable scalable security operations. Unlike a primarily operational analyst role, this position is expected to independently lead technical design, engineering, integration, and automation initiatives across the enterprise.
30% - Enterprise Security Architecture and Engineering
- Assesses SBA's enterprise architecture, including infrastructure, cloud platforms, business applications, identity systems, data flows, integration points, and administrative workflows, to identify security risks, design weaknesses, and opportunities for control enhancement
- Evaluates current and proposed technologies for alignment with SBA security requirements, architectural standards, resilience objectives, and operational efficiency goals
- Develops and maintains security architecture patterns, technical standards, reference designs, and implementation guidance for enterprise systems and services
- Partners with Information Technology and business stakeholders to incorporate security requirements into infrastructure modernization, system integration, application deployment, and operational change initiatives
- Recommends and designs enhancements to improve segmentation, hardening, privileged access controls, logging, secure administration, and resilience across enterprise environments
30% - Security Automation and Orchestration
- Designs, implements, and improves automated security workflows to reduce manual effort, increase consistency, and accelerate remediation
- Leads implementation of automated vulnerability patching and secure configuration update processes, in coordination with infrastructure, endpoint, server, and platform owners
- Identifies opportunities to integrate security tools, IT operations platforms, ticketing systems, logging platforms, identity systems, development tools, and asset repositories to streamline workflows and improve operational visibility
- Engineers automation routines, scripts, orchestration logic, and system integrations to support repeatable security operations, control validation, evidence collection, reporting, and response actions
- Works with OIS leadership to define automation priorities that improve mean time to detect, mean time to respond, remediation cycle times, and control reliability
20% - AI-Enabled Security Operations and Advanced Technical Capability
- Evaluates, designs, and helps implement technologies and workflows that support AI-enabled security operations, including enrichment, correlation, prioritization, workflow acceleration, analyst support, and secure use of AI within security processes
- Assesses architectural and governance implications of emerging AI technologies used within the enterprise and within security operations
- Recommends technical safeguards, integration controls, and oversight mechanisms for AI-related tooling, data access, and workflow design in coordination with OIS leadership and relevant stakeholders
- Supports development of an adaptable technical stack that enables modern security operations without compromising governance, confidentiality, or operational control
15% - Secure SDLC, CI/CD, and Application Security Enablement
- In coordination with the Director of Applications Development, assesses SBA's software development lifecycle and CI/CD processes to identify security gaps and opportunities for earlier and more automated control enforcement
- Implements, improves, or coordinates static application security testing, dynamic application security testing, software composition analysis, secret scanning, infrastructure as code scanning, and software bill of materials capabilities, as appropriate to SBA's environment
- Defines secure pipeline requirements and promotes integration of security checks into build, test, release, and deployment workflows
- Partners with developers, administrators, and solution owners to reduce code and dependency risk, improve remediation processes, and strengthen supply chain assurance
- Establishes processes for tracking findings, validating remediation, and reporting on application security posture
05% - Performs other duties as assigned
Requirements
Do you have experience in Writing skills?, Do you have a Bachelor's degree?, Five years of related experience. A postsecondary degree may be used as an alternative for years of direct experience.
Preferences:
- A bachelor's degree from an accredited college or university in cybersecurity, digital forensics, computer science, computer engineering, management information systems, or a related field
Verifiable experience conducting the following:
- Experience designing or assessing enterprise security architecture across hybrid environments
- Experience implementing security engineering controls in cloud, SaaS, infrastructure, identity, and application environments
- Experience evaluating or securing CI/CD pipelines and software development workflows
- Experience implementing or managing SAST, DAST, SCA, SBOM, secrets scanning, infrastructure-as-code scanning, or related application security tooling
- Experience automating security operations, patching, configuration management, workflow orchestration, or control validation
- Experience integrating security platforms, IT operations tools, ticketing systems, and identity/data sources through APIs, scripts, or orchestration platforms
- Experience assessing or implementing AI-enabled operational workflows in a controlled enterprise environment
One or more of the following certifications:
- CompTIA Security+, CompTIA CySA, EC-Council Cybersecurity Analyst (E|CSA), Certified Ethical Hacker (CEH), Certified Incident Handler (CIH), Certified in Cybersecurity (CC), Systems Security Certified Practitioner (SSCP), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or other security-related or relevant IT certifications
Knowledge, Skills and Abilities:
- Knowledge of information security best practices
- Knowledge of the principals of social engineering
- Knowledge of emerging cybersecurity threats, vulnerabilities, and attack techniques through continuous research and study
- Knowledge of Microsoft Windows operating systems for workstations and servers
- Knowledge of Microsoft networking
- Knowledge of IPv4
- Knowledge of IP protocol and networks
- Expert skill in complex problem solving
- Skill in critical thinking, logic, and reasoning
- Skill in time management and adhering to project schedules
- Skill in efficiently utilizing available resources and establishing priorities
- Ability to work with minimal guidance and accountability
- Ability to quickly learn new tools and techniques to keep up with technology's rapid change
- Ability to perform as a team player committed to working with technical and non-technical peers
- Ability to express ideas clearly, both verbally and in writing
- Ability to establish and follow processes and procedures