Attack Surface Management Security Architect - Remote or Hybrid in MN or DC

UnitedHealth Group, Eden Prairie, MN
$112,700 - $193,200, Hybrid

About The Position

The Security Architect serves as a technical security authority supporting mergers and acquisitions (M&A) security implementation programs. This role is responsible for defining, influencing, and implementing security architectures and controls that are being developed to be included within Optum’s current security portfolio, while ensuring integrations are executed securely, efficiently, and in alignment with enterprise risk tolerance.

The Security Architect serves as a senior technical authority responsible for defining, enabling, and governing the organization’s Attack Surface Management (ASM) strategy and capabilities. This role focuses on identifying, monitoring, and reducing external security exposure across internet-facing infrastructure, email systems, SaaS platforms, and the dark web. Operating at the intersection of security architecture, threat intelligence, infrastructure, and operations, the Security Architect translates external risk signals into actionable architectures, standards, and remediation strategies.

The role partners closely with Enterprise Security, SOC, Threat Intelligence, Infrastructure, Email, Cloud, Application, and Product teams to ensure attack surface visibility is comprehensive, risks are prioritized effectively, and security controls are implemented in alignment with enterprise risk tolerance. Success in this role requires strong architectural judgment, the ability to lead through influence without direct authority, and comfort operating in environments with incomplete or rapidly evolving information.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent practical experience
  • 8+ years of experience in security architecture, enterprise security, or platform security roles
  • Demonstrated experience designing or overseeing Attack Surface Management or external exposure programs
  • Solid understanding of: Internet-facing infrastructure and cloud services; DNS, SMTP, TLS certificates, and SaaS exposure; Threat actor reconnaissance and exploitation techniques
  • Experience enabling or governing: Dark web monitoring and threat intelligence capabilities; Email security platforms, including Proofpoint; External vulnerability and exposure scanning tools
  • Proven ability to operate in ambiguous environments where requirements or solutions are not fully defined
  • Exceptional ability to communicate complex security concepts to both technical and non-technical audiences
  • Proven track record of leading through influence across organizational boundaries

Nice To Haves

  • Experience in healthcare or other highly regulated industries
  • Hands-on or architectural experience with the following tools: Proofpoint, Shodan, Xpanse, Tenable (including external attack surface modules), Splunk or similar SIEM platforms
  • Prior experience influencing enterprise security platforms or shared services
  • Familiarity with regulatory and compliance frameworks (e.g., HIPAA, NIST, ISO, SOC)
  • Experience working with executive stakeholders on risk visibility and prioritization
  • Mentorship or thought leadership experience within security or architecture communities

Responsibilities

  • Serve as the architectural owner for Attack Surface Management, accountable for strategy, tooling, architecture, and risk alignment
  • Lead the design and enablement of dark web monitoring capabilities to identify credential leakage, data exposure, brand abuse, and emerging external threats
  • Architect and oversee SMTP and email security integrations, including migration and enablement using Proofpoint
  • Enable and govern external vulnerability and exposure scanning, leveraging tools such as Shodan, Xpanse, and Tenable
  • Define architectural patterns for discovering, classifying, and correlating external assets across infrastructure, cloud, SaaS, and third-party services
  • Partner with SOC and Threat Intelligence teams to operationalize ASM findings into detection, alerting, and response workflows
  • Translate external exposure data into risk-based insights for technical and executive stakeholders
  • Act as a trusted advisor to business and technology leaders by clearly articulating external risk, architectural trade-offs, and remediation options
  • Drive alignment across multiple teams with competing priorities using influence rather than authority
  • Leverage enterprise-approved AI tools to enhance productivity and innovation by streamlining workflows and automating repetitive tasks
  • Evaluate emerging trends to drive continuous improvement and strategic innovation
  • Own and evolve security architecture standards and reference designs related to: Attack Surface Management (ASM / EASM); External asset discovery and inventory; Email and messaging security (SMTP, gateways, SaaS email platforms); Internet-facing network, cloud, and application exposure
  • Define integration patterns between ASM tooling and: SIEM and SOAR platforms; Ticketing and remediation workflows; Identity and access management systems
  • Evaluate and document external security risks, assumptions, dependencies, and constraints
  • Produce high-quality internal artifacts including: Security architecture diagrams and reference architectures; External exposure and capability gap assessments; Roadmap input and architectural recommendations
  • Ensure attack surface findings are: Risk-ranked based on exploitability and business impact; Mapped to accountable owners; Tracked through remediation or accepted risk
  • Promote automation where possible to reduce manual effort and accelerate exposure detection and response
  • Provide architectural oversight during implementation to ensure security intent is preserved

Benefits

  • comprehensive benefits package
  • incentive and recognition programs
  • equity stock purchase
  • 401k contribution