Senior Network & Application Architect

About The Position

Requirements

• 7+ years of experience in network, cloud, or application architecture
• Proven experience designing and implementing large-scale, distributed cloud systems
• Deep expertise in Azure (including Entra ID) and/or Google Cloud Platform
• Deep expertise in Network architecture (routing, segmentation, VPNs, firewalls, zero-trust models)
• Deep expertise in Identity & access management (SSO, MFA, RBAC, federation)
• Deep expertise in Secure application design and API security
• Strong experience with Cloudflare (WAF, Zero Trust, DNS, DDoS protection)
• Experience operating in regulated environments (HIPAA, SOC 2, HITRUST)

Nice To Haves

• Experience leading architecture in healthcare or other highly regulated industries
• Familiarity with SIEM, IDS/IPS, and advanced threat detection systems
• Background in DevSecOps and secure software delivery pipelines
• Relevant certifications (e.g., Azure Solutions Architect, Google Professional Cloud Architect, CISSP)

Responsibilities

• Define and own the end-to-end architecture for network, cloud, and application security systems
• Establish architectural principles, standards, and reference designs for scalable, secure systems
• Lead design reviews and provide guidance across engineering teams on infrastructure and application architecture
• Evaluate and integrate emerging technologies to enhance performance, security, and scalability
• Align technical architecture with business goals, compliance requirements, and long-term platform strategy
• Architect secure, highly available multi-cloud environments across Azure and GCP
• Design and implement zero-trust network architectures, including segmentation, identity-aware access, and service-to-service security
• Lead the design of global network infrastructure including VPC/VNet strategy, routing, private connectivity, and edge security
• Oversee Cloudflare architecture (WAF, CDN, Zero Trust, DDoS protection) for performance and security optimization
• Define patterns for secure hybrid connectivity, VPNs, private endpoints, and inter-service communication
• Design enterprise-scale identity and access management strategies using Azure AD (Entra ID) and federated systems
• Establish standards for SSO, MFA, Conditional Access, RBAC, and identity lifecycle management
• Architect secure identity integrations across internal platforms, SaaS applications, and APIs
• Drive adoption of least-privilege and identity-first security models across the organization
• Define secure application architecture patterns aligned with DevSecOps principles
• Lead threat modeling, security design reviews, and risk assessments for critical systems
• Architect secure API ecosystems including authentication (OAuth, OIDC), authorization, and traffic protection
• Establish best practices for secrets management, encryption, and secure service communication
• Guide teams in building secure CI/CD pipelines with integrated automated security controls
• Architect systems and controls aligned with HIPAA, SOC 2, and HITRUST frameworks
• Define governance models for logging, monitoring, data protection, and audit readiness
• Partner with compliance and risk teams to translate regulatory requirements into technical solutions
• Lead audit readiness efforts, ensuring traceability, documentation, and control effectiveness
• Design and oversee centralized logging, monitoring, and alerting architectures (SIEM, cloud-native tools)
• Establish detection and response strategies for security and operational incidents
• Lead root cause analysis and drive systemic improvements across architecture
• Ensure resilience through fault-tolerant design, redundancy, and disaster recovery planning

Benefits

• Competitive base compensation
• Equity through our Employee Stock Option Plan
• Bonus-eligible roles
• Full benefits package
• Unlimited PTO
• 401k program with employer match
• Advance your career in a fast-paced, high-impact environment with ample professional development
• Join a diverse workplace where your ideas and contributions are valued