Information Security Architect

📋 Description

• • Serve as the technical owner for the architecture, selection, and continuous improvement of security operations platforms including SIEM/SOAR, EDR, CSPM, cloud workload protection, container security, email security gateway, and UEBA across hybrid-cloud environments.
• • Define platform integration strategies, data pipeline designs, and operational standards for enterprise-scale deployment and maintenance of security tooling.
• • Design and lead implementation of security automation and orchestration capabilities to reduce manual effort, accelerate detection and response, and scale security operations effectiveness through automated ticketing and findings resolution.
• • Partner with Enterprise Security Architects, IT, engineering, and cross-functional business stakeholders to embed security operations requirements into platform, application, and infrastructure decisions.
• • Lead vendor evaluation and technology selection for security operations tooling, providing risk, cost, and capability trade-off analysis to inform strategic investment priorities.
• • Provide direct technical guidance to Security Operations leadership to shape strategy, roadmap, and investment decisions based on evolving threat landscapes and business requirements.
• • Mentor security engineers and analysts through architecture reviews, structured coaching, and hands-on collaboration to build technical depth and security maturity.
• • Design, implement, and optimize detection and response capabilities at enterprise scale, including development and tuning of SIEM use cases, correlation rules, and alert logic aligned to adversary TTPs and organizational threat models.
• • Design and manage log ingestion pipelines, data source onboarding, and log lifecycle strategies to support detection, compliance, and forensic requirements.
• • Analyze security systems continuously to identify opportunities for improvement via automation, process refinement, or architectural enhancements.
• • Apply working knowledge of vulnerability management platforms, attack surface management, penetration testing tooling, privileged access management (PAM), and identity threat detection and response (ITDR).
• • Architect security controls across hybrid-cloud environments with hands-on experience in CSPM, cloud-native security services, cloud identity security, security-as-code practices, and cloud compliance frameworks.
• • Develop and maintain security automation using SOAR playbooks, API integrations, and scripting languages including Python, Ruby, C#, and REST APIs.
• • Operationalize threat intelligence into detection and response by applying advanced understanding of adversary tactics, techniques, and procedures (TTPs).
• • Apply the MITRE ATT&CK framework to guide detection engineering and security architecture decisions.
• • Design or mature threat hunting capabilities, including developing hunting hypotheses, structured methodologies, and translating hunt findings into new detection content.
• • Participate in incident response activities with hands-on incident management experience preferred.
• • Monitor emerging threat landscapes and technology trends, translating findings into sustainable, integrated security architecture and actionable recommendations for leadership.
• • Develop multi-year security operations technology roadmaps and lead vendor evaluation and selection processes.
• • Apply working knowledge of enterprise security frameworks including NIST CSF, ISO 27001, and PCI-DSS.
• • Demonstrate familiarity with enterprise architecture methodologies such as TOGAF or equivalent.
• • Understand AI/ML-driven security capabilities and their operational security implications.
• • Maintain awareness of emerging security domains including AI Security Posture Management (AISPM) and supply chain security.
• • Read, write, speak, and understand English fluently in a business environment.