Cyber Security Architect & Strategist

About The Position

Requirements

• Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years’ experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
• OR master’s degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years’ experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
• OR bachelor’s degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years’ experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
• OR equivalent experience.
• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role. These requirements include, but are not limited to the following specialized security screenings: Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Nice To Haves

• 3+ years of informal or indirect team leadership experience.
• 2+ years’ experience leading a security function (e.g., Security Operations Center [SOC], threat and vulnerability management).
• CISSP, CISA CISM, SANS OSCP, Security+
• Proven OT/ICS expertise (PLC/RTU, SCADA/HMI, industrial networking, safety systems), with 8+ years designing secured industrial systems and leading cross‑functional architecture efforts at enterprise scale.

Responsibilities

• Set and maintain the OT security architecture strategy for critical infrastructure services; define principles, guardrails, and roadmaps that mature security capabilities. Establish mechanisms to govern expectations, edge cases, and cross functional dependencies.
• Translate business goals into security designs across identity, network, devices, data, applications, and operations using Zero Trust‑aligned patterns including defining clear success criteria and metrics ensuring teams integrate these principles to preclude vulnerabilities.
• Build deep partnerships and mentorships across Microsoft to align architecture with build/operate workflows and program priorities to address threats and encourage innovation for unified systemic solutions.
• Apply NIST CSF 2.0‑aligned controls across datacenter systems; partner with Azure/security teams on governance, posture management, and detect/respond patterns. Translate evolving regulatory frameworks (e.g., NIS2) into actionable engineering and operational guidance.
• Drive the utilization of automation and AI to prioritize and realize improvements to organizational strategy, processes, products, services, and solutions.
• Serve as a key member of our Architect Review Board (ARB) and partner across organizations to review designs, advise on threat models, Bill of Material/SKU changes for new innovations or iterative designs.
• Drives the execution of organizational strategies related to the identification of data requirements and gaps in measurement and implements mitigation strategies to close gaps. Influences best practices around the prioritization of findings and ensures resolution of high-priority issues.
• Ensure alignment between OT cybersecurity strategy, physical infrastructure realities, and evolving operational models, ensuring defensible, scalable, and pragmatic architectures.
• Drives and facilitates of knowledge-sharing sessions, workshops, and participation in external security events to enhance expertise and industry presence.
• Define and track cyber security specific Key Performance Indicators demonstrating architecture maturity, adoption, and compliance outcomes, recognizing long‑term value creation in focus areas.
• Facilitates partnership with Microsoft Red Team and other security teams; serves as a resource on how weaponized code can impact operations across teams. Empowers teams to identify and recommend tactical tools for larger scale automation.