About The Position

We are looking for a Principal Cybersecurity Architect to own the security posture strategy for our Network Security Posture Management (NSPM) platform. You’ll work at the intersection of network security, compliance, and platform engineering — defining how the platform assesses, measures, and enforces security posture across large, heterogeneous network environments. In this role, your primary focus is designing and codifying security posture assessment rules that map network device configurations and behaviors against established security standards — and building the framework that makes it easy to onboard new standards as they emerge. You bring deep NSPM expertise, a strong understanding of network security principles, and the ability to translate complex compliance requirements into actionable, automatable rules that operate at scale across thousands of devices.

Requirements

  • 12+ years of experience in cybersecurity, network security, or security architecture, with at least 5 years in a senior or principal capacity focused on network security posture, compliance, or policy enforcement at scale.
  • Deep, hands-on experience with Network Security Posture Management (NSPM) platforms and tools, with a demonstrable track record of designing and operationalizing posture assessment rules across large enterprise networks.
  • Comprehensive knowledge of major security standards and frameworks including NIST CSF, CIS Benchmarks, ISO 27001, FISMA, and FedRAMP, with the ability to interpret control requirements and translate them into precise, automatable assessment rules.
  • Strong understanding of network device security — including firewall policy analysis, routing protocol security, access control, and configuration hardening across multi-vendor environments (Cisco, Juniper, Palo Alto, Fortinet).
  • Proven ability to operate across both strategic and technical dimensions — engaging executive stakeholders on compliance risk while working closely with engineering teams on rule design, data modeling, and platform integration.

Nice To Haves

  • Industry certifications such as CISSP, CISM, CCNP Security, or equivalent credentials that demonstrate deep, validated expertise in network security and information security management.
  • Prior experience at a network security vendor, MSSP, or large enterprise security team, with direct exposure to how security posture policies are enforced across complex, multi-vendor network infrastructures.
  • Familiarity with Zero Trust architecture principles and their practical application to network segmentation, device trust, and least-privilege access enforcement in enterprise environments.
  • Experience contributing to or authoring security standards, CIS Benchmark profiles, or DISA STIGs, or participation in industry working groups focused on network security policy and compliance.
  • Understanding of CVE lifecycle management, SBOM analysis, and vulnerability correlation as they apply to network device firmware and software supply chain risk assessment.

Responsibilities

  • Design and own the security posture assessment rule framework, defining how device configurations, network behaviors, and access controls are evaluated against security standards including NIST CSF, CIS Benchmarks, ISO 27001, FISMA, and FedRAMP.
  • Build and maintain a scalable rule authoring and lifecycle management system that allows new security standards and custom organizational policies to be onboarded, versioned, and deployed without platform re-architecture.
  • Continuously monitor the evolving threat and compliance landscape — translating emerging standards, regulatory changes, and new CVEs into updated posture assessment rules that keep the platform current and defensible.
  • Define the risk scoring and prioritization model that aggregates individual posture findings into a coherent, actionable security posture score at the device, segment, and enterprise level.
  • Collaborate with platform engineering teams to ensure posture assessment rules execute efficiently at scale across large network device fleets, with well-defined APIs for rule ingestion, evaluation, and results delivery.
  • Engage with enterprise customers and internal stakeholders to understand their compliance requirements, translating them into platform capabilities and serving as the authoritative security subject matter expert for the product.
  • Partner with Product and Engineering to shape the NSPM roadmap, ensuring security posture capabilities remain ahead of the regulatory curve and deliver measurable value to network security and compliance teams.
  • Mentor engineers and security analysts on posture rule design, threat modeling, and compliance mapping, establishing rigorous review processes that ensure accuracy and defensibility of every assessment rule shipped.

Benefits

  • comprehensive medical, dental, and vision plans
  • matching 401K
  • unlimited PTO and paid holidays
  • parental/adoption leave
  • legal insurance
  • a home technology stipend