About The Position

Ready to be a Titan? We are looking for a visionary Principal Security Architect to serve as the master designer of our digital defense, spanning the disciplines of Product Security, Corporate Security, and Risk Management. You will balance cutting-edge innovation with uncompromising protection, ensuring our infrastructure is resilient by design rather than by reaction. You will lead security architecture efforts for flagship customer-facing initiatives and partner closely with technical and business leaders to make a lasting impact. By integrating with delivery teams as a Subject Matter Expert, you will provide detailed consultation to ensure software solutions are secure, scalable, and adhere to industry-leading security standards.

Requirements

  • Experience: 12+ years of experience in senior technical roles with 5+ years focused on Security Architecture. Demonstrated leadership at the enterprise or divisional level, and a strong background in software engineering, product security, and/or enterprise architecture.
  • Architectural Mastery: Deep experience with security frameworks (NIST, ISO 27001, SOC2) and comprehensive knowledge of cloud-native security across Azure and/or AWS.
  • Systems Thinking: The ability to see the "big picture," understanding how changes in identity management or network design impact the global data footprint. Expertise in modern authentication protocols like OAuth 2.0, OpenID Connect, and SAML 2.0.
  • Technical Depth: Hands-on proficiency in secure network design, IAM, encryption standards, container security (e.g., Kubernetes), and CI/CD plus IaC guardrails.
  • AI-Native Behavior: You actively use AI today and can clearly articulate where it helps, where it introduces risk, and the necessary guardrails you apply. You understand the implications of Non-Human Identity and management strategies to reduce risk.

Responsibilities

Architect and Enforce Secure Cloud Native Guardrails

  • Security as Code and Platform Guardrails: Design and implement enforceable security controls directly into Infrastructure as Code, CI/CD pipelines, and cloud control planes. Define reusable, opinionated reference patterns that bake in least privilege IAM, secure defaults, encryption standards, workload identity, network segmentation, and tenant isolation across AWS, Azure, or GCP. Ensure guardrails are preventative by default rather than detective after deployment.
  • Secure SaaS Architecture and Isolation: Own and evolve security reference architectures for multi tenant customer facing platforms, including API security, strong service to service authentication, authorization boundaries, secrets management, and blast radius containment. Embed data level protections and isolation controls that scale with product growth.
  • Automated Architecture Assurance: Institutionalize automated architecture reviews through policy as code, static analysis, and runtime controls that continuously validate alignment with Zero Trust principles, regulatory requirements, and internal security standards. Replace manual review bottlenecks with scalable, measurable security enforcement.

Design and Modernize Corporate Security Controls

  • Workforce Identity and Just in Time Access: Design and implement modern workforce identity architecture grounded in Zero Trust principles. Develop and mature just in time and just enough access strategies across SaaS applications, cloud administration, and internal systems. Reduce standing privilege through automated provisioning, strong authentication, device trust, and continuous access evaluation.
  • Endpoint and Device Security Strategy: Evaluate, test, and recommend endpoint detection, response, and hardening controls across macOS, Windows, and mobile platforms. Define secure configuration baselines, telemetry standards, and device posture requirements that meaningfully reduce lateral movement and credential theft risk. Continuously assess control efficacy through validation testing and measurable risk reduction.
  • Security Orchestration and Automation: Identify and implement automation opportunities across identity, endpoint, and security operations workflows. Architect integrations between IAM, EDR, MDM, SIEM, and ticketing platforms to eliminate manual processes, accelerate containment, and improve signal to noise. Drive security as code and event driven enforcement across corporate systems.
  • Control Assurance and Continuous Improvement: Establish mechanisms to test and validate corporate security controls through simulation, access reviews, configuration audits, and adversary emulation. Translate findings into architectural improvements that harden the enterprise environment while maintaining workforce productivity.

Strategic Advisory and Governance

  • Executive Consultancy: Act as the primary security consultant for executive leadership, translating complex cyber threats, regulatory requirements, and risk posture into actionable architectural guidance.
  • Risk-Based Trade-offs: Lead risk-based trade-off discussions regarding security, privacy, usability, and delivery, documenting key decisions and rationale to help teams move quickly and consistently. Actively engage in governance processes to ensure compliance with regulations such as PCI DSS, CCPA, SOC2, ISO 27001, ISO 27701, and ISO 42001.

Secure and Advance AI Across the Enterprise

  • Product AI Security: Design and review secure architectures for AI enabled product capabilities, including LLM workflows, RAG pipelines, agentic systems, and Model Context Protocol integrations. Define rigorous guardrails for tenant isolation, data ingestion, tool permissions, sensitive data handling, prompt safety, authorization boundaries, output controls, and auditability.
  • Corporate AI Governance: Partner with IT, Legal, Data, and Engineering leaders to implement controls for internal AI usage and third party AI services. Establish lifecycle governance for model selection, validation, monitoring, and retirement aligned with emerging standards and regulation. Prevent sensitive data leakage, manage vendor risk, and enforce privacy, compliance, and intellectual property protections.
  • AI Driven Security and Emerging Technology: Leverage AI to enhance detection, response, and secure development workflows while mitigating risks such as prompt injection, model abuse, adversarial manipulation, and model poisoning. Evaluate and guide adoption of emerging technologies to ensure long term resilience against sophisticated threat actors.

Benefits

  • Flextime, recognition, and support for autonomous work: Flexible time off with ample learning and development opportunities to continue growing your career. We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events. Great work is rewarded through Bonusly, peer-nominated awards, and more.
  • Holistic health and wellness benefits: Company-paid medical, dental, and vision (with 100% employer paid options and 90% coverage for dependents), FSA and HSA, 401k match, and telehealth options including memberships to One Medical.
  • Support for Titans at all stages of life: Parental leave and support, up to $20k in fertility services (i.e. IUI and IVF), surrogacy, and adoption reimbursement, on demand maternity support through Maven Maternity, free breast milk shipping through Maven Milk, pet insurance, legal advisory services, financial planning tools, and more.