Security Architect (Data)

Chief Security Architect (Data)

Role Summary

The Chief Security Architect (Data) onsite 5 days a week in Rochester, NY is the senior technical authority responsible for defining and governing the cybersecurity architecture for energy utility data, network, and grid-adjacent environments, including Advanced Metering Infrastructure (AMI), Distributed Energy Resources (DER), and private utility WANs.

This role requires deep expertise in large-scale networking (switching, routing, WAN, transport) combined with cybersecurity architecture and risk assessment, with a strong understanding of IT/OT boundaries, grid modernization, and utility operational risk.

The position plays a critical role in ensuring secure, resilient, and compliant architectures that support grid reliability, customer data protection, and regulatory expectations.

Core Responsibilities

Data and Networking Security Architecture

• Define and maintain the enterprise security architecture for:




• Utility data centers


• Private utility WANs


• AMI head-end and meter data management systems (MDMS)


• DER and grid-edge integration platforms




• Establish architectural standards that enforce:




• IT/OT separation


• Secure utility demarcation points


• Controlled ingress/egress between enterprise, AMI, and operational zones

AMI & DER Architecture Oversight

• Lead security architecture reviews for:




• AMI networks (RF mesh, cellular, fiber-backed aggregation)


• AMI head-end systems and MDMS platforms


• DER integrations (solar, storage, EV charging, microgrids)




• Ensure secure integration of:




• Third-party DER aggregators


• Cloud-hosted AMI and analytics platforms




• Define security controls to mitigate:




• Lateral movement from AMI into enterprise or OT systems


• Unauthorized DER command and control


• Supply-chain and vendor access risks

Networking, WAN & Transport Architecture

• Provide hands-on architectural leadership for:




• Datacenter switching and routing


• Utility private WAN and carrier connectivity


• Inter-data-center and regional transport networks




• Design and review architecture leveraging:




• Cisco Nexus (NX-OS, EVPN, VXLAN, ACI)


• Nokia (SR OS, IP/MPLS, Service Routers)


• Ciena (optical transport, DCI, coherent optics)




• Embed security into:




• BGP, OSPF, IS-IS, MPLS, EVPN


• AMI backhaul and aggregation networks


• Utility-owned and leased transport circuits

Cybersecurity Architecture Reviews & Risk Analysis

• Conduct formal cybersecurity architecture reviews for:




• AMI expansions


• DER onboarding initiatives


• New private and cloud connectivity




• Perform:




• Threat modeling specific to utility attack scenarios


• Attack-path and lateral movement analysis


• Control effectiveness assessments




• Identify architectural risks related to:




• Improper zone termination


• Inadequate segmentation


• Over-trust of vendor-managed systems




• Provide risk-based remediation guided by operational realities.

Segmentation, Zero Trust & Monitoring

• Define segmentation strategies aligned to utility environments:




• Enterprise IT


• AMI / Grid Edge


• OT / Control Systems




• Ensure security architectures support:




• Zero Trust principles where applicable


• Strong identity, authentication, and authorization




• Define monitoring and visibility requirements for:




• AMI traffic


• DER command-and-control paths


• Inter-zone communications




• Ensure integration with:




• SIEM


• Network Detection & Response (NDR)


• Flow telemetry (NetFlow, IPFIX)

Regulatory & Stakeholder Engagement

• Support compliance and audit activities related to:




• Utility cybersecurity regulations and standards


• Internal and external security assessments




• Act as a technical liaison between:




• IT security


• OT engineering


• Grid operations


• Regulatory and compliance teams

Leadership & Influence

• Serve as the senior technical authority for cybersecurity architecture


• Mentor senior architects and engineers across IT, OT, and network domains.


• Influence technology strategy while remaining hands-on and technically credible.

Required Qualifications

Technical Experience

• 10+ years in networking, infrastructure, and security architecture.


• Deep hands-on expertise with:




• Cisco Nexus (9K, NX-OS, EVPN, VXLAN)


• Nokia service routing and IP/MPLS


• Ciena optical and transport networking




• Proven experience designing and securing:




• Utility WANs


• AMI backhaul and aggregation networks


• Multi-site, high-availability architectures

Utility & Cybersecurity Expertise

• Demonstrated experience in energy utility environments.


• Strong understanding of:




• AMI architectures and data flows


• DER integration risks


• IT/OT separation principles




• Experience performing:




• Cybersecurity architecture reviews


• Risk assessments for grid-connected systems

Preferred Qualifications

• Experience with:




• Grid modernization initiatives


• DERMS platforms


• Cloud-hosted AMI or analytics systems




• Certifications (preferred, not required):




• CISSP, CCSP, GIAC


• CCNP / CCIE


• Nokia certifications

Benefits

• Health, dental, and vision coverage


• Life insurance


• 401 (k) w/company match 100% up to 3% and an additional 50% match of 2%


• Paid time off 


• 11 Paid Holidays

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, sex, age, national origin, disability, Veteran status, or any other category protected by federal, state, or local laws.