About The Position

As a Senior Principal, Cybersecurity Architect at QXO, you’ll author the enterprise cybersecurity standards and reference architecture that technology programs are built against. This is the senior-most individual contributor seat in the cybersecurity function reporting to the SVP, CISO with a dotted line to the VP, IT Strategy & Architecture. QXO is building a modern cybersecurity function from the ground up — automation-first, AI-native, sized to the risk profile of a high-growth Fortune 500. Your architecture and collaboration shape how infrastructure, software engineering, enterprise applications, and data platforms get built — not just how cyber runs. This role is recognized as a senior technical voice inside and outside the company.

QXO, Inc. (NYSE: QXO) is the largest publicly traded distributor of roofing, waterproofing, and related products, and the second largest publicly traded distributor of lumber and building materials in North America. QXO is the fastest growing company in the $800 billion building products distribution industry and plans to become the tech-enabled leader by delivering best-in-class customer satisfaction and outsized returns for its shareholders. The company is targeting $50 billion in annual revenues within the next decade through accretive acquisitions and organic growth.

Requirements

  • 12+ years in cybersecurity, with 7+ as a hands-on architect at Fortune 500 scale.
  • Authorship — not familiarity — with agentic AI and AI-SPM architecture. You have designed guardrails for AI agents in production: scope, prompt auditing, tool permissions, MCP supply chain.
  • CI/CD experience. Signed SBOMs, artifact provenance, runtime posture management, configuration drift — and you can defend the architectural choices on a whiteboard.
  • IaC-first instincts. Terraform, hardened images, private-by-default, zero trust. You have shipped the automation, not just sketched it.
  • M&A integration scars. You have absorbed acquired environments at speed without breaking the security posture. Enclave models and brokered access are second nature.
  • Deep cloud architecture across OCI, Azure, or GCP. Multi-cloud preferred.
  • A point of view on where cybersecurity is headed in the next 6–12 months. You build to where the industry is going, not where it is.
  • Bachelor’s degree in Computer Science, Information Assurance, MIS, or equivalent practical experience.
  • CISSP, CISM, or SANS GIAC

Nice To Haves

  • Master’s preferred.

Responsibilities

  • Define and maintain the enterprise identity reference model, including zero trust, identity governance, access lifecycle, and privileged access concepts
  • Define and maintain the enterprise application security reference model, including secure software development lifecycle, code-to-cloud, signed software bills of materials, artifact provenance, and runtime posture management
  • Partner with infrastructure leaders to embed security architecture across network, endpoint, cloud platform, and data center environments
  • Partner with engineering leaders to embed security architecture into developer pipelines, secure-by-design patterns, and continuous integration and delivery controls
  • Partner with enterprise application and data leaders to embed security architecture across ERP, business systems, third-party integrations, data classification, lineage, and access models
  • In partnership with the VP, IT Strategy & Architecture, define and maintain the security reference architecture for mergers and acquisitions integration, so acquired environments can be absorbed at speed while preserving security posture
  • Establish architectural guardrails for agentic AI across the security function and the enterprise, including scope boundaries, prompt auditing, tool permissions, AI security posture management, and model supply chain controls
  • Engineer for simplicity, standardization, and automation in every control. Automation comes before headcount — the charter is to size cybersecurity to QXO’s risk and scale.
  • Hold the line on private-by-default, zero trust, and CIS hardening via Infrastructure-as-Code. Anything that ships at QXO ships hardened.
  • Translate cybersecurity architecture into business outcomes. Tight, data-backed, no jargon unless warranted.
  • Lead by architecture, not by org chart. Influence the technical direction across IT, engineering, and external implementers without owning their headcount.
  • Anchor the program to NIST CSF 2.0. Own the architectural roadmap that drives measurable maturity gains year over year.

Benefits

  • Base pay range: $147,200 - $235,500
  • Annual performance bonus
  • Long term incentive (equity/stock)
  • 401(k) with employer match
  • Medical, dental, and vision insurance
  • PTO, company holidays, and parental leave
  • Paid Time Off/Paid Sick Leave: Applicants can expect to accrue 15 days of paid time off during their first year (4.62 hours for every 80 hours worked) and increased accruals after five years of service.
  • Paid training and certifications
  • Legal assistance and identity protection
  • Pet insurance
  • Employee assistance program (EAP)