IT Security Architect-Sec Platforms & Cloud

DART (Dallas Area Rapid Transit) Headquarters, KY
$100,000 - $165,000

About The Position

The IT Security Architect – Security Platforms & Cloud Security is responsible for the architecture, design, and governance of the Agency’s enterprise security platforms that enable threat prevention, detection, response, and secure access. This role serves as the technical authority and subject matter expert for the security response ecosystem, with a strong emphasis on Palo Alto Networks technologies, including XDR/XSIAM, Prisma Access, Prisma Access Browser, CASB, and Data Loss Prevention (DLP). This position focuses on building and maintaining a cohesive, cloud-first security architecture that aligns endpoint, network, identity, and data protection controls to support Zero Trust principles. The Security Architect partners closely with Security Operations, Network Engineering, Endpoint, IAM, Compliance, and business stakeholders to ensure security platforms are well-integrated, policy-aligned, operationally effective, and resilient against evolving threats. This position provides architectural leadership, risk-based decision-making, and hands-on technical guidance to improve the confidentiality, integrity, and availability of Agency information assets considered through the lens of security platforms and cloud security.

Requirements

  • Bachelor’s degree from an accredited college or university in Computer Science, Information Systems, Cybersecurity, or a related field, or equivalent experience.
  • Seven (7) years of progressive experience in information security, including hands-on experience with enterprise security platforms.
  • Demonstrated experience supporting large-scale, cloud-delivered security services in a regulated environment.
  • Valid Texas Class A, B, or C driver’s license, no Driving While Intoxicated (DWI) conviction within the last sixty (60) consecutive months, not more than one (1) DWI on driving record, and not more than three (3) convictions of moving violations within the last thirty-six (36) months to operate DART non-revenue vehicles, or drive in the course and scope of job.
  • CISSP or CISM required (or equivalent).
  • Deep expertise with Palo Alto Networks security platforms, including XDR/XSIAM and Prisma Access.
  • Strong knowledge of endpoint security agents, detection engineering, and response automation.
  • Experience with CASB and DLP technologies for SaaS, cloud, and endpoint data protection.
  • Understanding of cloud security architectures, secure remote access, ZTNA, and SASE models.
  • Familiarity with SIEM, SOAR, threat intelligence, and vulnerability management integrations.
  • Working knowledge of identity concepts and integration with IAM/PAM solutions.
  • Strong understanding of NIST 800-53, NIST CSF, and ISO 27001/27002 frameworks.
  • Knowledge of regulatory requirements impacting security monitoring, access control, and data protection (PCI-DSS, HIPAA, PII, SSI).
  • Experience supporting audits, assessments, and control remediation activities.
  • Strong architectural, analytical, and problem-solving skills.
  • Excellent written and verbal communication skills with the ability to convey complex security concepts clearly.
  • Ability to manage multiple initiatives and priorities in a mission-critical environment.
  • Sound judgment in balancing security risk, usability, and operational impact.
  • Must be able to work variable hours, to include emergency response to outages.
  • Must be able to perform work from remote locations as needed.
  • Must be able to work in an on-call rotation.
  • Must maintain all certification(s) required for this position.

Nice To Haves

  • Palo Alto Networks certifications (PCNSE, XDR/XSIAM, Prisma Access) strongly preferred.
  • Cloud security certifications are a plus.

Responsibilities

  • Serve as the enterprise architect and technical lead for the Agency’s security response and enforcement platforms, including Palo Alto XDR/XSIAM, endpoint agents, and associated telemetry sources.
  • Architect and govern Prisma Access cloud-delivered security services, including secure remote access, cloud firewalls, and traffic inspection for users, devices, and locations.
  • Design and maintain Prisma Access Browser security architecture to support secure access to SaaS and web-based resources.
  • Lead architecture and policy design for CASB and DLP capabilities to protect sensitive data across SaaS, cloud, web, and endpoint environments.
  • Ensure consistent user, device, and application policy enforcement across endpoint, network, cloud, and browser-based security controls.
  • Design and optimize detection and response use cases within XDR/XSIAM, aligning telemetry, analytics, and automation to Agency threat models.
  • Partner with Security Operations to define alerting standards, response workflows, playbooks, and automation opportunities.
  • Ensure security platform integrations with SIEM, SOAR, vulnerability management, IAM/PAM, and threat intelligence sources.
  • Provide architectural oversight for endpoint agent deployment, configuration, performance, and lifecycle management.
  • Define cloud security architecture standards for secure connectivity, segmentation, inspection, and access control using cloud-native and vendor platforms.
  • Collaborate with network teams to align Prisma Access architecture with enterprise networking, SD-WAN, and hybrid connectivity models.
  • Ensure security controls support Zero Trust Network Access (ZTNA) and least-privilege access models.
  • Develop and maintain security platform standards, reference architectures, and design patterns.
  • Ensure security platform policies align with business requirements, acceptable use standards, and regulatory obligations (e.g., PCI-DSS, HIPAA, PII, SSI).
  • Support internal and external audits by providing architectural documentation, control mappings, and evidence related to security platforms.
  • Participate in Change Advisory Board (CAB) reviews to assess security platform impacts of proposed changes.
  • Perform security architecture reviews and threat modeling for new systems, integrations, and access models.
  • Identify security gaps, misconfigurations, and control weaknesses within security platforms and recommend remediation strategies.
  • Evaluate vendor solutions, new features, and roadmap capabilities to inform architectural decisions.
  • Act as the primary subject matter expert for enterprise security platforms and cloud-delivered security services.
  • Provide architectural guidance and mentoring to security engineers and operations staff.
  • Influence cross-functional teams to achieve secure-by-design outcomes without direct authority.
  • Stay current on emerging threats, cloud security trends, and security platform innovations.
  • Contribute to the Agency’s multi-year security architecture roadmap and platform maturity initiatives.
  • Perform other related duties as assigned.