Security Architect

Position: Cybersecurity Architect 

Location: Remote or Hybrid is within travel distance to Tustin, CA office

Pay:  $175k to $225k a year

Disclaimer:  Identity Verification checks are in place throughout the Candidate journey to prevent candidate fraud.

Position Summary:

The Cybersecurity Architect plays a pivotal role in shaping the enterprise’s security strategy and architecture. This senior-level position is responsible for designing, implementing, and evolving security solutions that align with business priorities, regulatory requirements, and industry best practices. Acting as a trusted advisor and technical leader, the Cybersecurity Architect partners across teams to embed security into every layer of the organization’s technology stack.

This role requires a forward-thinking strategist with deep technical expertise, strong business acumen, and the ability to influence and lead in a complex, fast-paced environment.

Duties and Responsibilities:

• Collaborate with the Office of the CISO to define security architecture direction, priorities, and strategic initiatives.
• Lead the design, engineering, and continuous improvement of enterprise security architecture across cloud, hybrid, and on-prem environments.
• Develop and maintain security reference architectures, technology roadmaps, and standards that support business growth and risk management.
• Conduct architecture and design reviews, ensuring security requirements are integrated into all solutions and systems.
• Lead technical proof-of-concepts and prototyping to evaluate and validate new security technologies and approaches.
• Provide technical leadership and mentorship to teams across security, infrastructure, and development.
• Act as a security liaison to senior engineering and IT leadership, fostering a culture of security-by-design.
• Stay current on emerging threats, trends, and innovations, and incorporate findings into architectural strategies.
• Support incident response efforts with architectural post-mortem review and recommended remediatory improvements to strengthen cyber resilience.
• Author and maintain technical documentation, reports, and strategic security programs.

Qualifications:

• Strong understanding of attack vectors, threat modeling, and defense-in-depth strategies.
• Strong understanding of architectural and engineering concepts including but not limited to:
• Application Detection and Response (ADR)
• AI Security Posture Management (AI-SPM)
• Cloud Detection and Response (CDR), Cloud-Native Application Protection Platform (CNAPP), Cloud Security Posture Management (CSPM)
• Data Loss Prevention (DLP)
• Data Security Posture Management (DSPM)
• Encryption technologies, Public Key Infrastructure (PKI), Hardware Security Modules (HSM), and cryptographic key management
• Identity Threat Detection and Response (ITDR)

• Managed Detection and Response (MDR)
• Network Access Control (NAC)
• Network Generation Firewalls (NGFW)
• Next-generation Security Information and Event Management (SIEM)
• Secure Access Service Edge (SASE)
• Unified multi-cloud Network-as-a-Service (NaaS)
• Zero Trust Network Access (ZTNA)

• Proven ability to lead complex security initiatives from concept to execution, independently and collaboratively.
• Strong communicator with the ability to engage both technical and non-technical audiences, including executive stakeholders.
• Experience collaborating across engineering, infrastructure, DevOps, and risk management functions.
• Deep familiarity with industry frameworks and standards, such as:
  • NIST CSF, CIS Controls, MITRE ATT&CK, NYDFS, PCI-DSS, etc.
• Demonstrated experience integrating security into governance, risk, and compliance efforts.

Education, Experience and Certification:

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or related field; advanced degree preferred.
• 15+ years of experience spanning cybersecurity architecture, cloud security and senior-level engineering roles.
• One or more of the following certifications required:
• CISSP, CCSP, CISM, GIAC (GSEC, GMON), OSCP/OSCE, CEH, TOGAF, CASP+, etc.
• Experience in financial services or mortgage industry is a plus.

Reporting Line:

• Primary: Directly reports to the Director Cybersecurity Services
• Secondary: Office of the CISO to ensure alignment with the CISO, enterprise security strategy and priorities

Work Authorization:

Must be able to verify identity and employment eligibility to work in the U.S.

Other Duties:

This job profile is not intended to be an all-inclusive list of job duties and responsibilities, as one may perform additional related duties as assigned in order to meet the needs of the organization.

Physical Demands:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. Must be able to lift up to ten pounds. Primary functions require sufficient physical ability and mobility to work in an office setting; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel, crouch, reach, and twist; to lift, carry, push, and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a keyboard; and to verbally communicate to exchange information. VISION: See in the normal visual range with or without correction. HEARING: Hear in the normal audio range with or without correction.

[EOE/M/F/D/V. Drug-free workplace.]

#LI-KH1

#Remote