Enterprise Security Architect

Job not on LinkedIn

🔥 0 minutes ago

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Foxtrot Division

Foxtrot Division

1 - 10 employees

Founded 2015

🔒 Cybersecurity

🏛️ Government

🤝 B2B

Cybersecurity • Government • B2B

Foxtrot Division is a provider of military-grade software and cyber systems engineering that delivers secure, mission-focused solutions with an emphasis on user experience. They offer full cyber system lifecycle support, custom software development and integration, DevOps-driven engineering, RMF-aligned cybersecurity implementation, and data & information visualization to support rapid, informed decision making. Foxtrot Division primarily serves clients requiring federal and military security standards and hardened, enterprise-grade cyber systems.

📋 Description

• Serve as the lead architect and subject matter expert for enterprise security strategy, design, and modernization across on-premises, managed hosting, hybrid, and cloud environments. • Define and maintain a cohesive, layered security architecture that clearly establishes trust boundaries, control placement, security responsibilities, and where prevention, detection, response, and visibility should occur throughout the environment. • Establish standardized front-door patterns for externally accessible applications and services using technologies such as F5 BIG-IP, Akamai, cloud-native web application firewalls, and other approved edge-security controls. • Develop phased migration strategies to place existing public-facing websites and applications behind approved enterprise ingress and application-security services, including workloads hosted in data centers, managed hosting environments, Microsoft Azure, and Amazon Web Services. • Identify and address direct-to-origin exposure and other paths that could allow traffic to bypass approved application delivery, certificate management, logging, or security controls. • Design secure and resilient enterprise ingress and egress architectures, including additional egress capabilities, security service chaining, load-balancer-based architectures, centralized certificate management, and highly available traffic-management patterns. • Evaluate the effectiveness of border, upstream, mid-tier, and downstream firewall controls. Identify opportunities to simplify rule sets, eliminate unnecessarily permissive access, improve early-path blocking, and reduce the operational burden placed on downstream security platforms. • Validate whether network and application-security controls are operating as intended through architecture reviews, configuration analysis, traffic-flow validation, and telemetry assessment. Collaborate with service providers and engineering teams to identify enforcement, visibility, and ownership gaps across security layers. • Establish and lead an enterprise PKI architecture, including certificate authority and trust models, certificate enrollment and issuance, key protection, revocation, lifecycle management, governance, automation, and integration with enterprise and cloud-hosted systems. • Define enterprise IAM architecture patterns addressing authentication, authorization, identity federation, privileged access, machine and workload identities, network access control, and the integration of identity context with infrastructure and application-security controls. • Provide architectural oversight and hands-on technical guidance for technologies including Cisco ASA, Cisco Identity Services Engine, Palo Alto Networks next-generation firewalls, F5 BIG-IP, IAM platforms, web application firewalls, and related enterprise security capabilities. • Define reusable security architecture patterns for Azure and AWS, including secure ingress and egress, network segmentation, cloud WAF services, identity integration, certificate management, security logging, and connectivity to enterprise security platforms. • Provide security architecture leadership for the modernization of large-scale WAN and MPLS-based network environments, including segmentation, resiliency, routing, inspection points, traffic flows, availability requirements, and future-state security objectives. • Develop an enterprise strategy for encrypted traffic inspection and TLS decryption at scale. Determine appropriate inspection locations while accounting for security value, application compatibility, privacy, performance, availability, certificate handling, and exception management. • Define and optimize the role of Gigamon and similar network-packet-brokering technologies within the enterprise visibility architecture, including traffic collection points, filtering, replication, optimization, and distribution to SIEM, NDR, threat-hunting, and analytics platforms. • Lead the development of a future-state SIEM, logging, and security-telemetry architecture. Evaluate centralized logging, security data lakes, telemetry pipelines, and platforms such as Cribl while balancing security value, signal quality, scalability, retention, cost, and operational overhead. • Incorporate infrastructure-as-code, policy-as-code, configuration management, version control, automated testing, and repeatable deployment principles into enterprise security architecture and operational patterns. • Develop current-state and target-state architecture diagrams, security reference architectures, technical standards, data-flow diagrams, decision records, implementation guidance, and phased modernization roadmaps. • Communicate complex security architecture concepts, risks, tradeoffs, and recommendations to executive leadership, engineering teams, security operations personnel, application owners, service providers, and other technical and nontechnical stakeholders.

🎯 Requirements

• Bachelor’s degree in computer science, engineering, information systems, cybersecurity, or a related field, or equivalent professional experience. • Eight or more years of progressive experience in cybersecurity engineering, network security, cloud security, or enterprise infrastructure, including significant responsibility for enterprise-scale architecture and technical design. • Demonstrated experience developing security architectures for large, complex, and distributed organizations spanning on-premises, managed hosting, hybrid, and cloud environments. • Broad knowledge of enterprise security architecture, including network security, cloud security, application delivery, web application protection, PKI, IAM, firewalls, SIEM, security logging, threat detection, and network visibility. • Strong hands-on experience with F5 BIG-IP, including application delivery, load balancing, secure ingress and egress, SSL/TLS services, certificate management, traffic policy, and application-security use cases. • Strong hands-on experience with Cisco ASA, Cisco Identity Services Engine, and Palo Alto Networks next-generation firewalls or comparable enterprise firewall and network access-control technologies. • Strong understanding of enterprise network architecture, including routing, segmentation, MPLS and WAN environments, ingress and egress design, high availability, security service placement, encrypted transport, and traffic-flow analysis. • Experience designing security for externally accessible applications using application delivery controllers, reverse proxies, web application firewalls, edge-security services, DDoS protections, and centralized certificate-management capabilities. • Experience designing security architectures for Microsoft Azure and Amazon Web Services, including cloud networking, identity integration, cloud-native WAF services, logging, segmentation, certificate management, and hybrid connectivity. • In-depth understanding of enterprise PKI, including certificate authority hierarchies, trust models, digital certificates, cryptographic keys, enrollment protocols, revocation, TLS, certificate lifecycle management, and automation. • Experience designing IAM architectures involving authentication, authorization, federation, privileged access, machine identities, workload identities, network access control, and policy-based access enforcement. • Experience assessing and improving enterprise firewall policies, including rule-base analysis, policy rationalization, least-privilege enforcement, application identification, control placement, and reduction of unnecessary rule complexity. • Experience designing SIEM, centralized logging, network detection and response, threat-hunting, telemetry-routing, or security-data architectures. • Understanding of network-packet visibility and traffic-brokering architectures. Experience with Gigamon or a comparable platform is highly desirable. • Experience developing or supporting enterprise encrypted-traffic inspection and TLS decryption strategies. • Familiarity with security data pipelines, observability platforms, data-lake architectures, and telemetry-routing technologies such as Cribl or comparable platforms. • Familiarity with infrastructure-as-code, configuration management, policy automation, version control, and repeatable security deployment practices. • Demonstrated ability to translate cybersecurity strategy, business requirements, and technical risks into practical architectures, standards, implementation plans, and prioritized roadmaps. • Exceptional written and verbal communication skills, with the ability to explain complex architectural concepts and technical risks to both engineering and executive stakeholders. • Demonstrated ability to lead cross-functional initiatives involving infrastructure, network, cloud, application, security operations, vendor, and managed-service-provider teams. • Relevant professional certification such as CISSP, CCSP, SABSA, TOGAF, or an equivalent security, cloud, network, or architecture certification. • Authorization to work in the United States.

🏖️ Benefits

• Competitive salary, paid biweekly • $100 monthly reimbursement for cell phone and Internet • $3000 yearly training budget • Top-tier medical, dental, and vision insurance coverage • Medical, dental, and vision insurance premiums covered 100% by Foxtrot Division • Unlimited PTO policy including 11 paid holidays • Parental leave • On-the-spot cash awards • Foxtrot Division sponsored events and activities

Apply Now

Similar Jobs

🔥 21 minutes ago

Ford Motor Company

10,000+ employees

🚗 Transport

Manager of Architecture and Information Security at Ford's BlueOval Battery Park Michigan. Leading technology architecture and security strategy for a new state-of-the-art manufacturing facility.

🔥 35 minutes ago

CannonDesign

1001 - 5000

🏢 Enterprise

🏠 Real Estate

🤝 Non-profit

Electrical Engineer designing electrical systems for healthcare, education, and commercial facilities at CannonDesign. Collaborating with licensed engineers on project execution and team leadership.

🔥 1 hour ago

Stand Together

5001 - 10000

🤲 Charity

📚 Education

🌍 Social Impact

Regional Security Manager ensuring risk mitigation and security solutions for Stand Together's philanthropic efforts. Collaborating with various teams to promote safe operations and events across the US.

🔥 3 hours ago

Seesaw Learning

201 - 500

📚 Education

☁️ SaaS

🤝 B2B

Senior Security Engineer enhancing security strategy and roadmap for Seesaw's engineering organization. Collaborating with cross-functional teams to ensure security best practices across the company.

🔥 4 hours ago

Communication Service for the Deaf (CSD)

1001 - 5000

🤝 Non-profit

📚 Education

🌍 Social Impact

IT & Security Governance Manager responsible for enterprise-wide technology governance and operational risk management. Aligning IT and security roadmaps with mission priorities and enhancing compliance frameworks.