Microsoft, SAP, and general IT recruiters | Talent Acquisition Worldwide | Recruitment Outsourcing
Principal Network & Security Architect
Location
United States
Posted
11 hours ago
Salary
0
Seniority
Lead
Job Description
Principal Network & Security Architect
Talentuch
Role Description We are looking for a Principal Network & Security Architect to serve as the company's senior technical authority for enterprise SASE, SD-WAN, and cloud security transformation projects. This person will lead complex, large-scale Palo Alto Networks Prisma deployments, including environments with thousands of mobile users, hundreds of branch locations, next-generation firewalls, multi-cloud infrastructures (AWS and OCI), Megaport connectivity, and migrations from legacy SD-WAN platforms. The architect will own the entire technical lifecycle of each engagement—from discovery and solution design through implementation, migration, testing, and final cutover—while working alongside a dedicated project team. The role also includes providing technical consulting to customers and acting as the primary technical decision-maker throughout the engagement. Key Responsibilities - Lead the architecture and delivery of enterprise Prisma SASE and Prisma SD-WAN solutions, including Strata Cloud Manager, Cloud Identity Engine, Prisma Access, Prisma Browser, ADEM, CASB-X, VM-Series firewalls, PA-Series NGFWs, microsegmentation, and Prisma SD-WAN branch deployments. - Serve as the technical lead for new customer implementations, managing all phases from project kickoff through successful completion. - Produce and maintain technical documentation, including High-Level Designs (HLDs), Low-Level Designs (LLDs), implementation plans, as-built documentation, failover testing results, and cutover runbooks. - Design, implement, and validate cloud connectivity solutions using Megaport, AWS Direct Connect, OCI FastConnect, BGP routing, and secure cloud interconnects. - Lead migrations from Zscaler (ZIA/ZPA) and legacy SD-WAN platforms to Prisma Access and Prisma SD-WAN while ensuring minimal business disruption and maintaining rollback capabilities. - Facilitate customer workshops, discovery sessions, design reviews, project kickoffs, cutovers, and executive presentations, while serving as the escalation point for technical issues and vendor-related challenges. - Support Sales Engineering by providing technical estimates, Statements of Work (SOW), Change Order input, and peer reviews. - Mentor engineering team members, promote knowledge sharing, and develop reusable design standards for future SASE engagements. - Ensure compliance with change management processes, documentation standards, Autotask ticketing, post-mortem reviews, and customer acceptance procedures. - Help establish and mature our security consulting practice by developing scalable methodologies and best practices for SASE, NGFW, Zero Trust, and related security engagements. Qualifications - 12+ years of experience in enterprise networking and cybersecurity. - At least 5 years of hands-on experience designing and deploying large-scale SASE solutions. - Extensive expertise with Palo Alto Networks technologies, including Prisma Access, Prisma SD-WAN (CloudGenix), Strata Cloud Manager, VM-Series, PA-Series NGFW, GlobalProtect, Cloud Identity Engine, ADEM, and CASB-X. - Proven experience leading migrations from Zscaler (ZIA/ZPA) and legacy SD-WAN platforms such as SilverPeak/EdgeConnect, Cisco Viptela, or Fortinet SD-WAN. - Strong networking and security knowledge, including eBGP, iBGP, OSPF, IPsec, Zero Trust architecture, segmentation, DLP, CASB, Quality of Service (CoS), and all OSI networking layers. - Hands-on experience with AWS, OCI, Azure, Megaport, AWS Direct Connect, and OCI FastConnect. - Demonstrated ability to independently deliver complete Prisma implementations without relying on vendor professional services or subcontractors. - Excellent written and verbal communication skills, with the ability to communicate effectively with engineers, CIOs, and CISOs. - Strong organizational and time management skills, with the ability to manage multiple projects simultaneously and perform effectively under pressure. - Willingness to participate in after-hours migration windows and occasional travel when required. Preferred Qualifications - Palo Alto Networks certifications, such as PCNSE, PCSAE, PCCSE, or equivalent. - Additional cloud or networking certifications (Cloud CSP, NaaS Networking Specialty). - Previous experience working for Palo Alto Networks, WWT, Optiv, AHEAD, or another Tier-1 SASE integrator. - Experience with OT/IoT microsegmentation projects. Work Schedule - Full-time - Monday through Friday - 8-hour workday - On-call responsibilities - Weekend and after-hours availability for production cutovers
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Sr. Security Controls & Compliance Engineer
UP.LabsTransforming the moving world, one startup at a time
Role Description We are hiring a Sr. Security Controls & Compliance Engineer to build, implement, and operate the security control foundation across multiple applications in a venture studio environment. This is a hands-on security execution role. We need someone who can: - Understand enterprise customer security requirements. - Identify the controls required. - Implement or configure those controls directly where possible. - Verify that controls are operating effectively. This person will help prepare our venture applications for SOC 2 readiness while supporting enterprise customer data, information security, and TPRM requirements. They will work across: - Cloud environments - Identity systems - Source control - CI/CD workflows - Logging - Monitoring - Compliance tooling - Operational security processes The goal is to create a repeatable security baseline that each venture application can inherit, operate against, and eventually carry forward as it matures or spins out. Responsibilities - Build, implement, and operate security and compliance controls across multiple venture applications and supporting systems. - Translate enterprise customer security, data handling, and TPRM requirements into practical technical controls, operational workflows, evidence requirements, and remediation plans. - Create a reusable security control baseline that can be applied across current and future venture applications. - Configure and operate compliance automation platforms such as Vanta, Drata, Secureframe, or similar tools. - Configure evidence integrations across systems such as cloud platforms, GitHub, identity providers, ticketing systems, device management tools, productivity platforms, and security tooling. - Implement identity and access controls, including SSO, MFA, role-based access, least-privilege permissions, access review workflows, and offboarding evidence. - Implement secure SDLC controls, including branch protection, required code reviews, code scanning, dependency scanning, secret scanning, vulnerability management workflows, and release/change management evidence. - Implement or configure cloud security controls, including IAM policies, encryption settings, logging, monitoring, backup settings, network restrictions, and security alerting. - Implement operational security workflows, including vendor review, risk review, change management, policy attestation, incident response evidence, exception tracking, and recurring control reviews. - Maintain a centralized control library mapped to SOC 2 Trust Services Criteria, customer-specific requirements, and relevant frameworks such as ISO 27001, NIST CSF, or CIS Controls. - Support SOC 2 readiness activities, including control mapping, evidence requirements, gap tracking, audit preparation, and control verification. - Identify launch-blocking security gaps and close them directly where possible. - Partner with product engineering only where application-specific code, architecture, or deeper infrastructure changes are required. - Write clear technical requirements and acceptance criteria for any security work that must be completed by product engineering. - Review and verify control implementation to ensure controls are actually operating and producing evidence. - Support customer security questionnaires, audits, evidence requests, and enterprise security reviews with accurate technical detail. - Track control gaps, remediation status, launch blockers, and compliance risk for leadership. - Help create a repeatable security implementation playbook that future ventures can inherit as they mature or spin out. What Success Looks Like - Enterprise customer requirements are translated into implemented controls, not just documented gaps. - Each venture application has a working security baseline across identity, cloud, source control, CI/CD, logging, monitoring, evidence, and operational processes. - SOC 2 readiness is actively tracked with clear control ownership, evidence collection, and operating cadence. - Compliance tooling is configured and produces useful evidence across the required systems. - Engineering teams are not overloaded with generic security tasks; they are engaged only when product-specific implementation is required. - Security launch blockers are identified early, prioritized clearly, and remediated quickly. - Customer security reviews, audits, and questionnaires are handled with accurate technical detail and supporting evidence. - Leadership has clear visibility into control maturity, launch risk, audit readiness, and open remediation items. - The venture studio has a reusable security control baseline that can be applied to new applications and carried forward as ventures mature. Qualifications - 5+ years of experience in security engineering, cloud security, DevSecOps, security operations, security compliance, GRC, or a related field. - Hands-on experience implementing security controls in cloud/SaaS application environments. - Experience supporting SOC 2 readiness, SOC 2 audits, or similar compliance programs. - Strong understanding of security controls, audit evidence, policy requirements, control testing, and control operation. - Experience translating customer or enterprise security requirements into practical technical controls. - Ability to configure and operate security and compliance systems directly, not just document requirements. - Experience with identity and access controls, including SSO, MFA, RBAC, least privilege, access reviews, and offboarding controls. - Experience with secure SDLC controls, including source control permissions, code reviews, branch protection, vulnerability management, dependency scanning, secret scanning, and change management evidence. - Experience with cloud security controls such as IAM, encryption, logging, monitoring, backups, network restrictions, and alerting. - Experience with compliance automation or GRC tools such as Vanta, Drata, Secureframe, OneTrust, Tugboat Logic, or similar platforms. - Familiarity with tools such as GitHub, Jira, Linear, Okta, Google Workspace, Slack, AWS, Azure, GCP, or similar systems. - Strong written communication skills for policies, procedures, audit documentation, technical requirements, and customer-facing security responses. - Ability to operate in an ambiguous, fast-moving startup or venture environment. Preferred Qualifications - Experience supporting enterprise customers with strict security, data handling, or TPRM requirements. - Experience in venture-backed startups, SaaS companies, enterprise software, or venture studio environments. - Familiarity with SOC 2 Trust Services Criteria, ISO 27001, NIST CSF, CIS Controls, or similar frameworks. - Experience implementing security controls across AWS, Azure, GCP, or multi-cloud environments. - Experience with GitHub security features, CI/CD security controls, vulnerability management tools, and cloud security monitoring tools. - Experience with identity platforms such as Okta, Google Workspace, Microsoft Entra ID, or similar. - Experience with logging, monitoring, incident response, vendor risk, evidence automation, and security questionnaire support. - Relevant certifications such as CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer, AWS Security Specialty, Security+, or similar.
Lead Cyber Security Architect
ESA - Electronic Security AssociationTHE voice of the electronic security and life safety industry.
• Act as a thought leader in cyber security, championing best practices and innovative solutions that enhance the organisation’s security posture. • Monitor and anticipate future security trends, leveraging this knowledge to influence and adapt security strategies, ensuring they remain robust and effective. • Drive the development of security strategies and roadmaps, ensuring a cohesive and forward-thinking approach to all security initiatives. • Develop and implement reference security architectures that align with organisational goals. • Collaborate with cross-functional teams to design and deploy advanced security controls, ensuring compliance with company and industry standards. • Act as a mentor, providing guidance and support to junior cybersecurity professionals in organisation.
Lead Cyber Security Architect
ESA - Electronic Security AssociationTHE voice of the electronic security and life safety industry.
• Act as a thought leader in cyber security, championing best practices and innovative solutions that enhance the organisation’s security posture. • Monitor and anticipate future security trends, leveraging this knowledge to influence and adapt security strategies, ensuring they remain robust and effective. • Drive the development of security strategies and roadmaps, ensuring a cohesive and forward-thinking approach to all security initiatives. • Develop and implement reference security architectures that align with organisational goals. • Collaborate with cross-functional teams to design and deploy advanced security controls, ensuring compliance with company and industry standards. • Act as a mentor, providing guidance and support to junior cybersecurity professionals in organisation.
Lead Cyber Security Architect
ESA - Electronic Security AssociationTHE voice of the electronic security and life safety industry.
• Pełnienie roli eksperta i lidera opinii w obszarze cyberbezpieczeństwa poprzez promowanie najlepszych praktyk oraz innowacyjnych rozwiązań zwiększających poziom bezpieczeństwa organizacji. • Monitorowanie oraz przewidywanie przyszłych trendów w zakresie bezpieczeństwa, a następnie wykorzystywanie tej wiedzy do kształtowania i doskonalenia strategii bezpieczeństwa. • Opracowywanie strategii bezpieczeństwa oraz map drogowych (roadmap), zapewniających spójne i perspektywiczne podejście do wszystkich inicjatyw związanych z bezpieczeństwem. • Tworzenie i wdrażanie referencyjnych architektur bezpieczeństwa zgodnych z celami organizacji. • Współpraca z zespołami międzyfunkcyjnymi w celu projektowania i wdrażania zaawansowanych mechanizmów bezpieczeństwa, zgodnie ze standardami firmowymi i branżowymi. • Pełnienie funkcji mentora, wspieranie oraz rozwijanie mniej doświadczonych specjalistów ds. cyberbezpieczeństwa w organizacji.


