Cybersecurity Architect

Archer•San Jose, CA

7h•$172,800 - $216,000

About The Position

Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all-electric aircraft that can carry four passengers while producing minimal noise. Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members. Position Summary The Cybersecurity Architect is responsible for designing and advancing enterprise security controls across endpoints, mobile device management, identity, and certificate services, as well as supporting the cybersecurity architecture. This role focuses on improving device security posture across corporate and managed environments while helping implement scalable, resilient, and audit-ready security capabilities that support business growth, regulatory obligations, and a distributed workforce. This role partners closely with infrastructure, identity, cloud, networking, compliance, and end user computing teams to define technical standards, implement effective security controls, and reduce enterprise risk. The ideal candidate brings strong architectural and hands-on experience across endpoint hardening, MDM, PKI and certificate lifecycle management, Okta, and compliance-aligned control design, especially in environments subject to CMMC and related regulatory requirements.

Requirements

Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Engineering, or a related field, or equivalent practical experience.
6+ years of experience in cybersecurity engineering, security architecture, endpoint security, infrastructure security, or related disciplines.
Strong hands-on experience with endpoint hardening for Windows, macOS, and mobile platforms in enterprise environments.
Experience designing, implementing, or administering MDM or unified endpoint management solutions at scale.
Knowledge of certificate services, PKI, certificate lifecycle management, and machine or device identity controls.
Strong experience with Okta, including SSO, MFA, lifecycle management, federation, and policy-based access controls.
Experience designing or supporting security controls aligned to CMMC, NIST 800-171, and similar regulatory or audit requirements.
Strong understanding of Zero Trust security principles, especially as applied to endpoint trust, identity assurance, conditional access, and least privilege.
Experience integrating endpoint security, MDM, identity, and access telemetry into monitoring or incident response workflows.
Ability to create technical standards, architecture diagrams, design documentation, and implementation guidance.
Strong written and verbal communication skills, with the ability to explain technical risks and tradeoffs to both technical and non-technical stakeholders.

Nice To Haves

Experience supporting fully remote or distributed workforce environments.
Experience in regulated industries such as aerospace, defense, manufacturing, healthcare, or financial services.
Familiarity with Microsoft Intune, Jamf, Kandji, Workspace ONE, or other major device management platforms.
Experience integrating device trust and certificate-based controls with conditional access and identity platforms.
Working knowledge of endpoint compliance automation, secure configuration validation, and policy-as-code approaches.
Experience with EDR, vulnerability management, privileged access management, and secure remote administration controls.
Professional certifications such as CISSP, CISM, CCSP, or relevant vendor certifications in identity, cloud, or endpoint management.

Responsibilities

Design and maintain security architecture standards for endpoint, identity, access, device management, and related infrastructure domains.
Develop and improve device hardening standards across Windows, macOS, and mobile platforms, including secure configuration baselines, vulnerability reduction measures, and ongoing control validation.
Support the design and administration of mobile device management capabilities, including secure enrollment, policy enforcement, compliance monitoring, application control, and integration with remote workforce security requirements.
Define endpoint security standards covering operating system hardening, patching, disk encryption, browser security, endpoint protection, local privilege controls, and device health monitoring.
Design and support enterprise certificate strategy and public key infrastructure practices, including certificate issuance, renewal, revocation, lifecycle governance, and integration with authentication and device trust services.
Architect and enhance identity and access controls centered on Okta, including authentication flows, conditional access, lifecycle integration, federation, and alignment with Zero Trust principles.
Translate CMMC and related control requirements into practical technical standards, implementation plans, and architecture recommendations.
Partner with compliance and audit stakeholders to ensure endpoint, identity, and access controls are documented, testable, and capable of producing evidence.
Participate in architecture reviews for endpoint, collaboration, identity, and infrastructure initiatives to ensure security requirements are considered early in design and deployment decisions.
Integrate endpoint telemetry, MDM compliance data, identity signals, and certificate posture into broader monitoring and risk management processes.
Create and maintain reference architectures, design standards, technical documentation, and implementation guidance for secure endpoint and identity services.
Collaborate with engineering, infrastructure, and security operations teams to improve control effectiveness and implementation consistency.
Communicate architectural recommendations, technical risks, and remediation priorities to technical teams and leadership.
Stay current on emerging threats, hardening techniques, endpoint security tooling, MDM capabilities, certificate-based authentication models, and evolving regulatory expectations.