Staff Security Architect (Cloud Security & Incident Response)

About The Position

Requirements

• Hands-on security architecture and cloud security engineering leadership.
• Strong emphasis on Azure cloud deployments.
• Expertise in identity and access management.
• Experience with DevSecOps.
• Experience with CI/CD and Infrastructure-as-Code (IaC) pipelines.
• Knowledge of policy-as-code and automated security controls.
• Experience architecting identity solutions leveraging OAuth2 / OpenID Connect (OIDC).
• Understanding of least-privilege access and strong authentication mechanisms.
• Experience driving Zero Trust architecture initiatives.
• Familiarity with cloud security controls (e.g., Azure Policy, Defender for Cloud, logging/alerting).
• Experience integrating telemetry into centralized monitoring/SIEM.
• Proficiency in performing security design reviews and threat modeling.
• Ability to develop pragmatic security requirements and controls aligned to business risk and regulatory needs.
• Experience creating implementation-ready artifacts (runbooks, diagrams, reference configs).
• Experience leading technical incident response.
• Ability to triage security events.
• Experience serving as a technical incident commander.
• Skills in conducting root cause analysis and leading post-incident reviews.
• Experience maintaining and improving incident response playbooks, tooling, and escalation paths.

Responsibilities

• Design and evolve PHH/PCCA security architecture standards, reference architectures, and security-by-default guardrails for cloud and hybrid environments.
• Partner with DevOps and Engineering teams to secure Azure deployments (networking, identity, compute, data, and platform services).
• Define secure patterns for CI/CD and Infrastructure-as-Code (IaC) pipelines, including policy-as-code and automated security controls.
• Architect identity solutions leveraging OAuth2 / OpenID Connect (OIDC), least-privilege access, and strong authentication mechanisms.
• Drive Zero Trust architecture initiatives across PHH/PCCA and its operating companies, including segmentation, device/user trust evaluation, and conditional access.
• Implement and tune cloud security controls (e.g., Azure Policy, Defender for Cloud, logging/alerting) and integrate telemetry into centralized monitoring/SIEM.
• Perform security design reviews and threat modeling for new systems, integrations, and major changes; document risks and recommended mitigations.
• Develop pragmatic security requirements and controls aligned to business risk and regulatory needs; help teams implement them efficiently.
• Create implementation-ready artifacts (runbooks, diagrams, reference configs) and provide hands-on assistance during builds and migrations.
• Lead technical incident response across PHH operating companies, coordinating containment, eradication, and recovery activities.
• Triage security events to determine whether incidents can be handled in-house or require escalation/engagement of the virtual CISO (vCISO) and/or external partners.
• Serve as a technical incident commander: manage timelines, coordinate responders, drive decision-making, and ensure clear communications to stakeholders.
• Conduct root cause analysis and lead post-incident reviews to drive preventive improvements (architecture, controls, detection, and process).
• Maintain and improve incident response playbooks, tooling, and escalation paths across subsidiaries to ensure consistent execution.