Architect I, Enterprise Security

Estes Express Lines, Richmond, VA
3h

About The Position

The Enterprise Security Architect I will help integrate cybersecurity controls into our systems, devices, technical platforms and overall practices for both on-premises and cloud-based environments. Emphasis is placed on network and device security, including IoT, virtualized systems, cloud-based, third-party and ecosystem security and risk. The role focuses on confidentiality, integrity and availability with operational resilience and measurable outcomes, including human factors in fast-paced transportation settings. This position provides a growth path into a mid-level cybersecurity architecture role supporting a fast-paced, industry-leading transportation and logistics organization.

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related field (or equivalent experience) required
  • Foundational understanding of cybersecurity principles, including identity and access management, encryption, network security, and secure system design required
  • Basic familiarity with distributed systems, mobile devices, and cloud-based platforms required
  • Awareness of cybersecurity frameworks and regulatory requirements required
  • Strong analytical, documentation, and communication skills required
  • Experience translating security reports, including risk assessments and pentests, into actionable items, including experience creating and reviewing Plans of Action and Milestones, required
  • Must be able to comply with all company policies, rules, procedures and Code of Conduct
  • Must be able to interact well with others
  • Must be able to work independently, or in a team setting
  • Must be capable of working under tight time constraints in a high volume environment with multiple priorities
  • Responds well to questions; able to read, interpret and comply with written information and documents such as safety rules, operations / procedure manuals and maintenance instructions with a high comprehension and concentration level, including the ability to meet deadlines
  • Must pass a pre-employment drug screen, random drug and/or alcohol tests, and will be subject to a criminal history background check
  • Must be authorized to work in the United States

Nice To Haves

  • Familiarity with third-party risk management or vendor security assessments preferred
  • Exposure to incident response, operational resilience, or business continuity planning preferred
  • Strong verbal and interpersonal skills, including IT training experience preferred
  • Basic presentation skills, including experience presenting technical topics preferred
  • Collaborative mindset and ability to work across IT, security, and operations teams preferred
  • High ethical standards and commitment to protecting people, assets, and operations preferred
  • Strong interest in securing operational, safety-critical, and real-time systems preferred
  • Detail-oriented with a focus on availability, resilience, and risk reduction preferred
  • Understanding of Nmap, Kali, Cobalt Strike and other Breach and Attack Security testing tools preferred
  • Understanding of STIG, SCAP, Nessus, ExtraHop, Sentinel One, Varonis, Velociraptor and Proofpoint preferred
  • Basic understanding of IoT, OT, or embedded device security concepts preferred

Responsibilities

  • Assist in designing and documenting secure architectures for Estes platforms across on-premises and cloud/SaaS/PaaS environments and operational networks.
  • Help define and track cybersecurity metrics related to the threat landscape, compliance status, risk scores, control effectiveness and organizational security posture. Outcomes may lead to one or multiple cybersecurity dashboards or near real-time reports.
  • Support initiatives to reduce human-centric & social engineering risk, including phishing, credential misuse, and unsafe workarounds across the environment. This includes, but is not limited to, communication plans, reporting, training and best practices.
  • Participate in the development of regular proactive cybersecurity practices such as, but not limited to, internal phishing programs, ethical hacking, threat hunting, vulnerability management and end user behavior analysis.
  • Assist in documenting architectural controls to support security audits, regulatory reviews, and customer assurance requests.
  • Assist with vulnerability management, policy definition and review, platform configuration, patching compliance, audit management, and security monitoring.
  • Assist in assessing cybersecurity risks associated with device & sensor providers, technology vendors, equipment manufacturers, and third-party partners.
  • Maintain security reference architectures, standards and best practices.
  • Support security architecture reviews for physical facilities, third party platforms, connected devices and IoT/sensor devices.
  • Support reviews of vendor security controls, software dependencies, and data-sharing mechanisms.
  • Collaborate with IT, security, and operations teams to ensure security controls are usable and aligned with operational realities.
  • Understand sensor/IoT/connected device security, including security controls, device hardening, encryption, and regular firmware updates. Connected devices include scanners, readers, cameras and vehicle-mounted telematics units.
  • Assist in post-incident and operational disruption reviews to identify cybersecurity gaps and improvement opportunities.
  • Develop and review cybersecurity controls for device identity, secure onboarding, authentication, encryption, firmware integrity, and lifecycle management.
  • Assist in embedding security awareness and accountability into operational workflows and technology design.
  • Support Security Requirements Guides for cloud-based assets and systems, including CNAPP or CASB integrations.
  • Help track and document Software Bills of Materials (SBOMs) and third-party risk artifacts for critical operational technologies.
  • Support alignment with applicable cybersecurity and transportation-related frameworks and requirements, including NIST CSF, NIST 800-53, NIST 800-82 (OT), ISO 27001, and customer-driven security obligations.
  • Possesses an understanding of how to prioritize and implement security design principles. Examples include CIS Critical controls, NIST 800-53a and ISO 27001, as well as the use of DSPM.
  • Demonstrate the established “TRUCKS” cultural principles of transparency, responsiveness and resiliency, understanding, continuous improvement, knowledge sharing, and simplicity throughout the organization: Our IT organization is grounded in a shared commitment to core principles that shape how we work and deliver value. We uphold transparency by communicating openly, fostering trust, and ensuring visibility into decisions and progress. We design for resiliency, creating systems and processes that are dependable, adaptable, and able to recover quickly from setbacks. We prioritize understanding—of our business goals, our users, and the technologies we steward—to ensure alignment and relevance. We pursue continuous learning, staying curious and open to growth in a rapidly evolving landscape. We promote knowledge sharing to strengthen collective expertise and collaboration across teams. And we seek simplicity in our solutions, reducing complexity to make our work more maintainable, efficient, and user-friendly.
  • Regular attendance is required.
  • This is not an all-inclusive list of job requirements and/or duties and may not contain all mental and physical capabilities necessary to perform the job at all times due to circumstances. Operational, safety and other needs may require the employee to perform any and all other duties as assigned. Employees are expected to, and must be able to, perform all such duties and tasks.