Lead Security Architect

Benefits:

• Long Term Opportunity
• Competitive salary
• Opportunity for advancement

Job Title: Lead Security Architect | Enterprise, Cloud & Application Security
Location: Phoenix, AZ (Day 1 Onsite)
Duration: Long-Term Contract
Interview : Inperson

We are seeking a highly experienced Lead Security Architect with strong hands-on expertise in designing, implementing, and reviewing enterprise security solutions across cloud, application, SaaS, and network environments.

This is not a Security Auditor or GRC-focused role. The ideal candidate must have recent experience driving security architecture decisions, conducting enterprise security reviews, performing threat assessments, and partnering with engineering teams to implement scalable security controls.

The Security Architect will play a critical role in evaluating existing architectures, identifying security risks, defining remediation strategies, and establishing secure design patterns across enterprise platforms.

Required Experience
* 12+ years of overall IT experience
* 5+ years of Security Architecture experience
* Strong hands-on experience designing and implementing enterprise security solutions
* Experience conducting enterprise security reviews and Tiger Team assessments
* Proven expertise reviewing and approving application, infrastructure, and cloud architectures
* Experience creating and maintaining Architecture Decision Records (ADRs)
* Strong communication and stakeholder management skills

Core Responsibilities
* Lead enterprise-wide security architecture reviews and assessments
* Evaluate application, cloud, SaaS, and infrastructure architectures for security risks
* Conduct threat modeling and security design reviews
* Define security standards, patterns, and architectural best practices
* Review and document Architecture Decision Records (ADRs)
* Partner with engineering teams to integrate security throughout the software development lifecycle
* Provide guidance on secure cloud adoption, API security, data protection, and cryptographic controls
* Identify security gaps and develop practical remediation strategies
* Support enterprise initiatives involving AI, Machine Learning, and cloud-native technologies

Required Technical Skills

Enterprise Security Architecture
* Enterprise Security Reviews * Security Architecture Assessments * Security Design Reviews
* Tiger Team Engagements * Risk Analysis * Threat Modeling * Architecture Governance

Application Security (AppSec)
* Secure SDLC * OWASP Top 10 * Threat Modeling * SAST * DAST * Secure Code Review * API Security * Application Security Architecture

Cloud Security
* AWS Security Architecture * Azure Security * Google Cloud Platform (GCP) Security
* Cloud Security Assessments * Cloud Architecture Reviews * Cloud Governance and Security Controls

Network Security
* Network Security Architecture * Palo Alto Firewalls * Network Segmentation * IDS/IPS
* Zero Trust Network Access (ZTNA) * Secure Network Design

SaaS Security
* SaaS Platform Security Reviews * Identity & Access Controls * Third-Party Risk Evaluation
* SaaS Security Architecture

Data & Infrastructure Security
* Cryptography * Data Protection * Database Security Architecture
* PostgreSQL * Big Data Security * Secure Data Architecture

AI & Emerging Technologies
* AI Security * Generative AI Security * Machine Learning Security
* Model Risk Management * AI Governance and Security Controls

Security Frameworks

Experience with one or more of the following:
* NIST Cybersecurity Framework (CSF) * NIST 800-53
* CIS Controls * Zero Trust Architecture
* OWASP * MITRE ATT&CK

Tools & Technologies
* AWS * Azure * GCP * Palo Alto * ServiceNow * GitHub * GitLab * Bitbucket * SVN * PostgreSQL

Preferred Certifications
* CISSP * CCSP * AWS Certified Security Specialty
* TOGAF * SABSA * GIAC Security Certifications

What Were Looking For
The ideal candidate is a hands-on Security Architect who has successfully designed and implemented security solutions across enterprise environments. Candidates with primarily auditing, compliance, governance, risk, or GRC backgrounds without architecture and implementation experience will not be a fit for this role.