Lead Cybersecurity Architect | AirStrip

NantHealth | San Antonio, TX

About The Position

AirStrip is adding a Lead Cybersecurity Architect responsible for defining, delivering, and maintaining enterprise security architecture across cloud, on‑prem, SaaS, and hybrid environments, ensuring security is embedded into platforms, applications, and major initiatives. The position leads threat modeling, security design reviews, and incident response while partnering closely with engineering, cloud, infrastructure, and SOC teams to enable effective detection, prevention, and remediation.

Requirements

  • Bachelor's degree in Computer Science, Management Information Systems, Cyber Security, Engineering, or a related field (commensurate experience may be considered in lieu of a degree)
  • Minimum 8 years of previous experience working in information technology
  • Minimum 5 years of previous experience working in IT security / cybersecurity
  • Certifications: CISSP, CISA, CompTIA, GIAC
  • Experience researching, building, and implementing defensive security systems that are used against internal and external attack vectors
  • Experience designing and building out application and network security monitoring to aid in detection or forensic investigations
  • Background in intrusion detection, security investigations, and incident response
  • Deep understanding of MITRE ATT&CK Framework and associated threat actor techniques
  • Experience with “threat hunting”, i.e., using threat intel to proactively and iteratively investigate potential risks and find suspicious behavior in the environment
  • Experience investigating data for anomalies in order to identify suspicious behavior
  • Experience with Identity and Access Management (IAM), provisioning user accounts and access
  • Solid understanding of SIEM tools (LogRhythm, Splunk, Elastic, etc.)
  • Knowledge of compliance frameworks: ITIL, Zero Trust, HITRUST, ISO 27000 series frameworks, NIST, HIPAA
  • Strong communication skills and excellent documentation practices
  • Knowledge of securing Active Directory, AWS, Azure or similar cloud environments

Responsibilities

  • Design, implement and maintain robust security architectures
  • Mitigate risk and perform vulnerability management, coordinating with other teams to resolve findings
  • Lead incident response to security incidents and conduct post-incident analysis.
  • Develop and implement data protection strategies for encryption and data loss prevention.
  • Help define and maintain the enterprise security architecture, including reference architectures, patterns, and standards across cloud, on‑prem, SaaS, and hybrid environments.
  • Assist in developing and maintaining multi‑year security roadmaps aligned to business objectives, risk appetite, and regulatory requirements (e.g., NIST, ISO 27001, CIS, PCI, HIPAA, GDPR as applicable).
  • Lead threat modeling and security architecture reviews for new and existing systems, applications, and integrations.
  • Evaluate emerging technologies (zero trust, SASE, EDR/XDR, IAM, data security, AI/ML, OT/ICS) and make recommendations based on risk, value, and operational fit.
  • Lead end‑to-end security design for major initiatives (e.g., cloud migrations, new customer‑facing platforms, identity modernization, network segmentation).
  • Produce high‑quality security design artifacts: architecture diagrams, data‑flow diagrams, threat models, security requirements, and control mappings.
  • Partner with enterprise, cloud, and infrastructure architects to ensure security is embedded in reference architectures and blueprints.
  • Provide deep technical guidance to engineering and operations teams on secure design, implementation trade‑offs, and remediation options.
  • Assist with data classification‑aligned controls for sensitive data: encryption (in transit/at rest), tokenization, DLP, key management, and privacy‑by‑design principles.
  • Collaborate with application and product teams to embed application security practices: secure SDLC, code scanning, dependency management, secrets management, and secure APIs.
  • Review high‑risk application designs and third-party integrations; ensure appropriate controls for authentication, authorization, input validation, logging, and monitoring.
  • Work with SOC, incident response, and threat intelligence teams to ensure architecture supports effective detection, investigation, and response (telemetry, logging, alerting).
  • Participate in major incident response as a senior technical advisor, helping identify architectural weaknesses and longer‑term remediation.
  • Translate threat intelligence and lessons learned into architecture updates, new controls, and design patterns.
  • Map security architecture and controls to relevant frameworks and regulations (e.g., NIST CSF/800‑53, ISO 27001, SOC 2, PCI‑DSS) and support audits and assessments.
  • Contribute to security policies, standards, and guidelines; ensure designs and implementations remain aligned with them.
  • Mentor and coach other security engineers and architects, raising overall technical depth and architectural thinking across the team.