Security Architect

About the role

As a Security Architect, you will make an impact by designing, securing, and evolving enterprise-grade network and cloud security platforms that enable secure access, regulatory compliance, and scalable governance across the organization. You will be a valued member of the Cybersecurity Architecture & Engineering team and work closely with security operations, cloud, network, and application stakeholders to modernize security capabilities while maintaining strong operational resilience.

This role blends hands-on engineering, architectural design, and technical leadership, with a focus on firewall platforms, identity, cloud security, SIEM, endpoint protection, and vulnerability management.

In this role, you will:

• Architect, implement, and operate network and cloud security controls, including next-generation firewalls, VPN, WAF, IDS/IPS, segmentation, and Zero Trust access.
• Lead Palo Alto firewall environments across on-prem and Azure, including policy design, lifecycle management, optimization, and threat prevention capabilities.
• Design and manage secure remote access solutions (GlobalProtect / Prisma Access), enforcing Zero Trust and strong authentication controls.
• Oversee Cisco ISE services for identity, AAA, RBAC, and directory/SSO integrations, ensuring strong access governance and auditability.
• Direct the administration and tuning of Web Application Firewalls (WAF) to protect applications from Layer-7 threats, bots, and abuse.
• Implement and manage Microsoft Entra ID, including SSO onboarding, MFA, risk-based authentication, and federation protocols (SAML, OAuth2, OIDC).
• Lead a centralized vulnerability management program using CrowdStrike, prioritizing remediation based on risk, exploitability, and business impact.
• Oversee SIEM and endpoint security operations using CrowdStrike NGSIEM and Falcon, ensuring effective detection, response, and SOAR execution.
• Own major incident response for network and cloud security services, including escalation, stakeholder communication, RCA, and corrective actions.
• Ensure security change governance, compliance readiness, and audit support through evidence collection, recertification, and control attestations.
• Drive continuous improvement and automation, including policy optimization, observability, runbooks, and infrastructure-as-code practices.

What you need to have to be considered

• Extensive experience in network and cloud security architecture and operations, including firewalls, VPN, WAF, IDS/IPS, proxy, and segmentation.
• Hands-on expertise with Palo Alto Networks platforms (NGFW, Panorama/Strata Cloud Manager, WildFire, Threat Prevention, URL Filtering, GlobalProtect).
• Strong experience with identity and access management, including Microsoft Entra ID, MFA, SSO, RBAC, and federation protocols.
• Proven capability in security incident and vulnerability management, including triage, remediation tracking, and root cause analysis.
• Solid understanding of security frameworks and standards, such as ISO 27001/27002, NIST CSF / 800-53, and CIS Controls.
• Experience working within security governance, risk, and compliance programs, including audits and policy enforcement.
• Ability to lead complex technical initiatives while communicating effectively with technical teams and executive stakeholders.
• Strong operational mindset with experience aligning security services to ITSM, change management, and SLA/SLO commitments.

These will help you stand out

• Experience with CrowdStrike Falcon and NGSIEM, including SOAR integrations and SIEM health management.
• Exposure to Zero Trust, ZTNA, and SASE architectures.
• Hands-on experience driving automation and security modernization using IaC, CI/CD, or policy-as-code.
• Relevant security certifications such as PCNSE, CCNP/CCIE Security, CISSP, or CISM.
• Background leading or mentoring teams through security transformation or large-scale platform upgrades.