Director, Security Architecture & Engineering

About The Position

Requirements

• Extensive experience in progressive cybersecurity, with equivocal expertise in a technical architecture, engineering leadership, or hands-on security infrastructure role.
• Deep expertise in security architecture across hybrid enterprise environments, including identity and access management, network segmentation, endpoint security, cloud/SaaS hardening, and exposure management.
• Demonstrated success designing and delivering secure architecture programs, including Secure by Design frameworks, threat-informed reference architectures, and platform security initiatives.
• Familiarity with modern authentication and access control frameworks, including Entra ID (Azure AD), Microsoft 365, phishing-resistant MFA (e.g., FIDO2, number matching), PIM/JIT, device trust, and conditional access.
• Experience building and leading high-performing security teams, with a proven ability to mentor talent, drive accountability, and manage cross-functional delivery.
• Strong communication and stakeholder management skills, with the ability to effectively translate technical risk for both technical and non-technical audiences.
• A demonstrated commitment to mission-driven work and an understanding of the role of security in protecting civil liberties, legal advocacy, and digital rights.
• Hands-on experience maturing core cybersecurity domains such as attack surface management, segmentation enforcement, secure integration design, and insider threat mitigation.
• Technical experience with Microsoft 365 security configuration, Microsoft Purview data protection features (DLP, sensitivity labels), AWS service hardening, and secure data platform integration.
• Familiarity with the legal and advocacy sector’s unique operational needs, including privilege boundaries, sensitive communications workflows, and affiliate organizational structures.

Nice To Haves

• Certifications such as CISSP, CCSP, GIAC (GCSA, GMON, GCPN), or cloud-specific security certifications (e.g., AWS Security Specialty, Azure Security Engineer Associate) are welcome but not required.

Responsibilities

• Lead the development and execution of the ACLU’s Secure by Design and Secure by Default strategy; translate policy and risk priorities into reference architectures, technical baselines, and automated guardrails.
• Establish and chair the Control Design Review Board (CDRB) to govern architectural decisions involving identity boundaries, network segmentation, data egress, privileged access, third-party integrations, and other critical control points.
• Define, publish, and maintain enterprise reference architectures covering cloud services (Microsoft 365, AWS), identity zones, network segmentation tiers, privileged access models, SaaS security, and service-to-service authentication standards.
• Drive the secure implementation of ZTNA/SASE, configuration drift detection, phishing protection, and secure baseline management across cloud, endpoint, and infrastructure systems.
• Oversee the development and enforcement of modern identity and access management models.
• Design and implement an enterprise segmentation strategy, incorporating both macro- and micro-segmentation approaches to reduce lateral movement risk and isolate sensitive business processes and data environments.
• Oversee the organization’s Attack Surface Management (ASM) capabilities by formalizing asset inventory, exposure tracking, remediation prioritization, and SLA adherence across all relevant environments.
• Advance the ACLU’s Insider Threat and Data Protection programs.
• Provide executive-level decision-making on risk tradeoffs, technical exceptions, and compensating control design, ensuring a clear path to resolution with expiration timelines and audit visibility.
• Partner with the GRC to align technical controls with policy, regulatory requirements, vendor standards, and internal audit frameworks.

Benefits

• Time away to focus on the things that matter with a generous paid time-off policy
• Focus on your well-being with comprehensive healthcare benefits (including medical, dental and vision coverage, parental leave, gender affirming care & fertility treatment)
• Plan for your retirement with 401k plan and employer match
• We support employee growth and development through annual professional development funds, internal professional development programs and workshops