Director of Security Architecture & Engineering (remote)

About The Position

Requirements

• 10+ years of progressive experience in cybersecurity, with significant leadership experience spanning security architecture, security engineering, application security, product security, security automation, AI security, and/or closely related domains.
• Experience leading senior technical teams and managing a mix of full-time employees, contractors, consultants, vendors, and external partners.
• Demonstrated ability to build or mature security functions, including role clarity, operating model design, prioritization, hiring, coaching, and delivery accountability.
• Strong background in enterprise security architecture and the design of scalable security patterns and controls for regulated, hybrid, cloud, SaaS, application, identity, data, and AI-enabled environments.
• Practical experience leading security engineering functions across cloud security, identity, endpoint/server hardening, automation, infrastructure security, SaaS security, and control implementation.
• Experience building or maturing application and product security programs, including secure SDLC practices, secure design, threat modeling, code and pipeline security, SAST/DAST/SCA/IaC, vulnerability remediation, and developer engagement.
• Familiarity with AI security, agentic AI considerations, data security, AI governance, AI-generated code risks, model/tool access control, prompt and data leakage risks, shadow AI, and safe AI enablement patterns.
• Experience or strong working knowledge of non-human identity security, including service accounts, API keys, OAuth applications, tokens, secrets, machine identities, agent identities, ownership, lifecycle management, least privilege, and automated revocation.
• Experience applying automation to security engineering, application security, vulnerability triage, remediation workflows, compliance evidence, control validation, or reporting.
• Demonstrated understanding of exposure reduction and impact reduction strategies, including ZTNA, microsegmentation, egress filtering, privileged access controls, phishing-resistant MFA, device posture, hardening, and compensating controls for legacy systems.
• Demonstrated ability to partner effectively with Engineering, Infrastructure, Architecture, Data, AI, Product, Legal, Procurement, Finance, Talent, GRC, IAM, SOC, and executive stakeholders.
• Strong judgment in balancing strategic direction with pragmatic execution in lean, evolving, or resource-constrained organizations.
• Excellent communication skills, including the ability to simplify complex technical topics, explain risk and tradeoffs, influence senior leaders, and align technical teams around outcomes.
• Experience in healthcare, regulated environments, or other complex enterprise settings.
• Experience designing controls that support regulatory compliance requirements, including HIPAA and related security, privacy, and assurance expectations.
• Familiarity with modern cloud-native architectures, DevSecOps practices, enterprise platform transformation, application modernization, and resilient infrastructure and application design.
• Experience rationalizing or modernizing security tools and processes, including vendor evaluation, integration strategy, automation opportunities, build-vs-buy decisions, and measurable value realization.
• Background supporting secure architecture and engineering in hybrid environments with both legacy and modern platforms.
• A strong technical leader with architectural depth, engineering credibility, and the ability to assess modern security products, AI-enabled capabilities, and automation opportunities.
• Comfortable operating in a lean organization where prioritization, leverage, and cross-functional influence matter.
• Able to set direction while also driving execution, removing blockers, and holding teams accountable for measurable outcomes.
• Skilled at building trust across security, infrastructure, engineering, data, AI, product, and business teams.
• Focused on outcomes, not just activity, with a bias toward reducing material risk and enabling the business safely.
• Effective in leading teams through change, role clarity, capability uplift, and maturity improvement.
• Comfortable inheriting a team with mixed tenure, mixed skill profiles, and contractor support, then shaping it into a more cohesive, automation-enabled function.
• Individual in this position must be able to work in a standard office environment which requires sitting and viewing monitor(s) for extended periods of time, operating standard office equipment such as, but not limited to, a keyboard, copier, and telephone.

Responsibilities

• Define and lead the vision, strategy, roadmap, and operating model for security architecture, security engineering, application/product security, AI security enablement, and security automation, aligned to business priorities, regulatory expectations, and enterprise risk.
• Build a cohesive operating model across architecture, engineering, application security, and automation, including intake, prioritization, delivery management, role clarity, stakeholder communication, and measurable outcomes.
• Establish and mature enterprise security architecture standards, reference patterns, secure-by-default design principles, and design review processes that improve consistency, reduce risk, and reduce friction for technology teams.
• Lead security engineering to deliver scalable preventative and detective controls, hardening, automation, and reusable security patterns across identity, cloud, endpoints/servers, enterprise platforms, SaaS, data, and other core technology environments.
• Drive application and product security maturity across the software development lifecycle, including secure design, threat modeling, code and pipeline security, SAST/DAST/SCA/IaC coverage, vulnerability remediation practices, developer enablement, and tooling effectiveness.
• Provide security architecture and engineering leadership for AI and data use cases, including secure design patterns, data protection, access control, AI-generated code risk, agentic AI considerations, guardrails, and alignment with enterprise AI governance expectations.
• Partner with IAM, AI, and platform teams to mature non-human identity controls, including ownership, inventory, least privilege, secrets lifecycle, scoped permissions, automated revocation, and monitoring for service accounts, workloads, APIs, integrations, and AI agents.
• Lead practical security automation efforts that improve engineering throughput, application security coverage, vulnerability triage and remediation support, control validation, evidence collection, reporting, and repeatable security workflows.
• Partner with the SOC Director and Security Operations team to ensure architecture, controls, telemetry, automation, and platform integrations support faster detection, response, containment, and recovery.
• Modernize security controls and architecture patterns to reduce exposure and potential impact, including support for zero trust network access, microsegmentation, egress controls, phishing-resistant MFA, privileged access controls, endpoint/server hardening, secrets management, cloud security, SaaS security, and compensating controls for legacy assets.
• Hire, lead, coach, and develop a team that includes, or will include, security architecture, security automation & engineering, product / application security engineering, identity security engineering, and AI security architecture / engineering / governance capabilities, along with contractors and external partners.
• Partner with Engineering, Infrastructure, Enterprise Architecture, Data, AI, Product, GRC, IAM, SOC, Legal, Procurement, and other business leaders to embed security requirements into major initiatives such as cloud architecture, platform changes, application modernization, third-party integrations, and emerging AI/data use cases.
• Balance strategic architecture work with pragmatic delivery by focusing the team on the highest-risk, highest-leverage work, improving throughput, removing blockers, and ensuring commitments are met.
• Assess current tools, vendors, processes, and control effectiveness; simplify, standardize, automate, integrate, or replace where needed to improve scalability, reduce security friction, and support sustainable execution.
• Provide security architecture and engineering leadership for major technology initiatives, ensuring risks are understood early and practical mitigations are built into plans.
• Align with peer leaders across the security program, including GRC, Security Operations, IAM, to ensure consistent priorities, messaging, and execution.
• Define and report on metrics that demonstrate progress, such as control adoption, application security coverage, remediation throughput, automation impact, secure pattern adoption, NHI risk reduction, developer friction, and safe AI adoption.
• Identify capability gaps and build a practical growth plan for the function as priorities, risks, threats, capabilities, budget, and staffing needs evolve.
• Select, develop, and evaluate staff to ensure efficient team operations.
• Ensure compliance with HIPAA regulations and requirements.
• Demonstrate Company's competencies and core values held within.
• The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

Benefits

• health insurance
• 401k
• bonus opportunity
• Medical, dental and vision coverage with low deductible & copay
• Life insurance
• Short and long-term disability
• Paid Parental Leave
• 401(k) + match
• Employee Stock Purchase Plan
• Generous Paid Time Off
• 10 paid company holidays
• Tuition reimbursement
• Flexible Spending Account
• Employee Assistance Program
• Sick time benefits