Foxtrot Division logo
Foxtrot Division

This is not business-as-usual. This is Rock-and-Roll.

Enterprise Security Architect

Security EngineerSecurity EngineerFull TimeRemoteLeadTeam 1-10Since 2015H1B No SponsorCompany SiteLinkedIn

Location

United States

Posted

2 days ago

Salary

0

Seniority

Lead

Bachelor Degree8 yrs expEnglishAWSAzureCloudCyber SecurityFirewalls

Job Description

Enterprise Security Architect

Foxtrot Division

• Serve as the lead architect and subject matter expert for enterprise security strategy, design, and modernization across on-premises, managed hosting, hybrid, and cloud environments. • Define and maintain a cohesive, layered security architecture that clearly establishes trust boundaries, control placement, security responsibilities, and where prevention, detection, response, and visibility should occur throughout the environment. • Establish standardized front-door patterns for externally accessible applications and services using technologies such as F5 BIG-IP, Akamai, cloud-native web application firewalls, and other approved edge-security controls. • Develop phased migration strategies to place existing public-facing websites and applications behind approved enterprise ingress and application-security services, including workloads hosted in data centers, managed hosting environments, Microsoft Azure, and Amazon Web Services. • Identify and address direct-to-origin exposure and other paths that could allow traffic to bypass approved application delivery, certificate management, logging, or security controls. • Design secure and resilient enterprise ingress and egress architectures, including additional egress capabilities, security service chaining, load-balancer-based architectures, centralized certificate management, and highly available traffic-management patterns. • Evaluate the effectiveness of border, upstream, mid-tier, and downstream firewall controls. Identify opportunities to simplify rule sets, eliminate unnecessarily permissive access, improve early-path blocking, and reduce the operational burden placed on downstream security platforms. • Validate whether network and application-security controls are operating as intended through architecture reviews, configuration analysis, traffic-flow validation, and telemetry assessment. Collaborate with service providers and engineering teams to identify enforcement, visibility, and ownership gaps across security layers. • Establish and lead an enterprise PKI architecture, including certificate authority and trust models, certificate enrollment and issuance, key protection, revocation, lifecycle management, governance, automation, and integration with enterprise and cloud-hosted systems. • Define enterprise IAM architecture patterns addressing authentication, authorization, identity federation, privileged access, machine and workload identities, network access control, and the integration of identity context with infrastructure and application-security controls. • Provide architectural oversight and hands-on technical guidance for technologies including Cisco ASA, Cisco Identity Services Engine, Palo Alto Networks next-generation firewalls, F5 BIG-IP, IAM platforms, web application firewalls, and related enterprise security capabilities. • Define reusable security architecture patterns for Azure and AWS, including secure ingress and egress, network segmentation, cloud WAF services, identity integration, certificate management, security logging, and connectivity to enterprise security platforms. • Provide security architecture leadership for the modernization of large-scale WAN and MPLS-based network environments, including segmentation, resiliency, routing, inspection points, traffic flows, availability requirements, and future-state security objectives. • Develop an enterprise strategy for encrypted traffic inspection and TLS decryption at scale. Determine appropriate inspection locations while accounting for security value, application compatibility, privacy, performance, availability, certificate handling, and exception management. • Define and optimize the role of Gigamon and similar network-packet-brokering technologies within the enterprise visibility architecture, including traffic collection points, filtering, replication, optimization, and distribution to SIEM, NDR, threat-hunting, and analytics platforms. • Lead the development of a future-state SIEM, logging, and security-telemetry architecture. Evaluate centralized logging, security data lakes, telemetry pipelines, and platforms such as Cribl while balancing security value, signal quality, scalability, retention, cost, and operational overhead. • Incorporate infrastructure-as-code, policy-as-code, configuration management, version control, automated testing, and repeatable deployment principles into enterprise security architecture and operational patterns. • Develop current-state and target-state architecture diagrams, security reference architectures, technical standards, data-flow diagrams, decision records, implementation guidance, and phased modernization roadmaps. • Communicate complex security architecture concepts, risks, tradeoffs, and recommendations to executive leadership, engineering teams, security operations personnel, application owners, service providers, and other technical and nontechnical stakeholders.

Job Requirements

  • Bachelor’s degree in computer science, engineering, information systems, cybersecurity, or a related field, or equivalent professional experience.
  • Eight or more years of progressive experience in cybersecurity engineering, network security, cloud security, or enterprise infrastructure, including significant responsibility for enterprise-scale architecture and technical design.
  • Demonstrated experience developing security architectures for large, complex, and distributed organizations spanning on-premises, managed hosting, hybrid, and cloud environments.
  • Broad knowledge of enterprise security architecture, including network security, cloud security, application delivery, web application protection, PKI, IAM, firewalls, SIEM, security logging, threat detection, and network visibility.
  • Strong hands-on experience with F5 BIG-IP, including application delivery, load balancing, secure ingress and egress, SSL/TLS services, certificate management, traffic policy, and application-security use cases.
  • Strong hands-on experience with Cisco ASA, Cisco Identity Services Engine, and Palo Alto Networks next-generation firewalls or comparable enterprise firewall and network access-control technologies.
  • Strong understanding of enterprise network architecture, including routing, segmentation, MPLS and WAN environments, ingress and egress design, high availability, security service placement, encrypted transport, and traffic-flow analysis.
  • Experience designing security for externally accessible applications using application delivery controllers, reverse proxies, web application firewalls, edge-security services, DDoS protections, and centralized certificate-management capabilities.
  • Experience designing security architectures for Microsoft Azure and Amazon Web Services, including cloud networking, identity integration, cloud-native WAF services, logging, segmentation, certificate management, and hybrid connectivity.
  • In-depth understanding of enterprise PKI, including certificate authority hierarchies, trust models, digital certificates, cryptographic keys, enrollment protocols, revocation, TLS, certificate lifecycle management, and automation.
  • Experience designing IAM architectures involving authentication, authorization, federation, privileged access, machine identities, workload identities, network access control, and policy-based access enforcement.
  • Experience assessing and improving enterprise firewall policies, including rule-base analysis, policy rationalization, least-privilege enforcement, application identification, control placement, and reduction of unnecessary rule complexity.
  • Experience designing SIEM, centralized logging, network detection and response, threat-hunting, telemetry-routing, or security-data architectures.
  • Understanding of network-packet visibility and traffic-brokering architectures. Experience with Gigamon or a comparable platform is highly desirable.
  • Experience developing or supporting enterprise encrypted-traffic inspection and TLS decryption strategies.
  • Familiarity with security data pipelines, observability platforms, data-lake architectures, and telemetry-routing technologies such as Cribl or comparable platforms.
  • Familiarity with infrastructure-as-code, configuration management, policy automation, version control, and repeatable security deployment practices.
  • Demonstrated ability to translate cybersecurity strategy, business requirements, and technical risks into practical architectures, standards, implementation plans, and prioritized roadmaps.
  • Exceptional written and verbal communication skills, with the ability to explain complex architectural concepts and technical risks to both engineering and executive stakeholders.
  • Demonstrated ability to lead cross-functional initiatives involving infrastructure, network, cloud, application, security operations, vendor, and managed-service-provider teams.
  • Relevant professional certification such as CISSP, CCSP, SABSA, TOGAF, or an equivalent security, cloud, network, or architecture certification.
  • Authorization to work in the United States.

Benefits

  • Competitive salary, paid biweekly
  • $100 monthly reimbursement for cell phone and Internet
  • $3000 yearly training budget
  • Top-tier medical, dental, and vision insurance coverage
  • Medical, dental, and vision insurance premiums covered 100% by Foxtrot Division
  • Unlimited PTO policy including 11 paid holidays
  • Parental leave
  • On-the-spot cash awards
  • Foxtrot Division sponsored events and activities

Related Categories

Related Job Pages

More Security Engineer Jobs

CannonDesign logo

Electrical III – Cyber Security

CannonDesign

We design solutions that help people continuously flourish. Living-Centered Design is how we do it.

Full TimeRemoteTeam 1,001-5,000H1B No Sponsor

• Participate in project teamwork planning sessions and may take a lead role. • May assume project engineering responsibilities and adhere to financial and work goals. • Initiate project designs and help to develop design goals and systems. Perform electrical engineering systems design for building construction. • Design lighting, power distribution, signaling, communications and/or telecommunication systems for healthcare, education/higher education and commercial clients per applicable codes. • Prepare construction documents including drawings and specifications. Guide less experienced team members in execution of drawings. Specify electrical equipment. • Complete quality control checks of engineering documents and layout systems in regard to components and parts. • Participate in value engineering sessions with Architectural/Engineering team. • Recommend improvements with reference standards and processes to improve quality, coordination, and to streamline production efforts. • Review and markup of shop drawings and submittals. Respond to RFI’s and review of change orders in the preparation of construction documents. • Conduct job site visits to verify existing conditions and observe construction progress. Attend and participate in construction meetings. Site visits frequently require a physical walk-through of site. • Familiarity with operational technology systems, cyber-informed design principles, NIST SP 800-82, or critical infrastructure security considerations preferred. • May perform other related tasks as needed.

United States
$80.0K - $104.9K / year
Full TimeRemoteTeam 5,001-10,000H1B Sponsor

• Assess and implement risk controls for facilities, events, and operations • Manage security projects from vision to completion • Engage and develop customer security knowledge and capabilities • Resource and manage vendor relationships • Provide direct support and leadership to ensure security at events and business functions • Translate security principles into plans, frequently assessing the effectiveness of control measures and adapting plans as needed • Maintain strong internal relationships through partnership with stakeholders in the assigned region • Implement security control measures based on principle-based thinking

Virginia
$90K - $105K / year

Role Description At Rho Nutrition, technology is a critical enabler of our growth. As we continue to scale, we are looking for an experienced IT and Information Security leader who can build secure, reliable, and efficient technology operations while partnering closely with teams across the business. The IT & Information Security Director (or Senior Manager with Director-level potential) will lead the strategy, implementation, and day-to-day management of Rho's IT infrastructure, cybersecurity program, and end-user technology experience. This role will ensure our systems are secure, compliant, and scalable while providing exceptional support to employees in a fast-paced, remote-first environment. You'll serve as both a strategic leader and a hands-on problem solver—developing long-term technology roadmaps while also rolling up your sleeves when needed. You'll partner with leaders across Operations, Finance, People, Legal, and Product to strengthen our technology ecosystem, manage vendor relationships, and mitigate business risk. What You'll Own - Develop and execute Rho's overall IT and Information Security strategy. - Lead all corporate IT operations, including endpoint management, identity and access management, collaboration tools, and employee technology support. - Build and mature Rho's cybersecurity program, including security policies, risk management, and incident response. - Manage IT infrastructure, SaaS applications, cloud services, networking, and endpoint security. - Oversee technology vendor selection, contract management, licensing, and budgeting. - Ensure compliance with security frameworks, customer security requirements, and applicable regulatory standards. - Develop business continuity, disaster recovery, and incident response plans. - Partner with cross-functional leaders to improve operational efficiency through technology and automation. - Establish scalable IT processes and documentation that support a growing organization. - Build and mentor an internal IT function while managing external managed service providers (MSPs) and security partners as needed. Key Responsibilities - Develop and execute a multi-year IT roadmap aligned with Rho's business objectives. - Maintain reliable, secure, and scalable IT infrastructure supporting a distributed workforce. - Oversee administration of collaboration platforms, productivity tools, and enterprise SaaS applications (e.g., Google Workspace, Slack, HRIS, ERP, CRM). - Manage employee onboarding and offboarding technology processes, ensuring timely provisioning and deprovisioning of equipment and system access. - Standardize hardware lifecycle management, asset tracking, software licensing, and technology procurement. - Develop IT policies, standards, and operating procedures that support consistency and scalability. - Own Rho's overall cybersecurity strategy and continuously improve the company's security posture. - Develop and maintain security policies covering identity management, endpoint protection, password management, acceptable use, data protection, and access controls. - Implement security monitoring, vulnerability management, endpoint detection and response (EDR), multi-factor authentication (MFA), and security awareness initiatives. - Lead incident response planning, investigation, and post-incident reviews. - Conduct regular security risk assessments and recommend mitigation strategies. - Partner with Legal and Compliance teams on customer security questionnaires, audits, and security certifications. - Ensure technology controls support applicable privacy, regulatory, and contractual requirements. - Lead vendor security reviews and third-party risk assessments. - Maintain documentation supporting audits and customer due diligence requests. - Develop disaster recovery and business continuity plans and coordinate periodic testing. - Serve as a trusted technology advisor to senior leadership. - Build strong relationships across every department to understand business needs and identify opportunities for automation and process improvement. - Manage relationships with managed service providers, security vendors, hardware suppliers, and consultants. - Establish service levels and performance metrics for IT support and operational excellence. - Mentor and develop future IT team members as the function grows. Qualifications - Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent practical experience). - 8+ years of progressive experience in IT, infrastructure, systems administration, cybersecurity, or technology operations. - 3+ years of leadership experience managing IT teams, vendors, or managed service providers. - Experience building or scaling IT operations within a high-growth company. - Strong knowledge of cloud-based business applications, identity and access management, endpoint management, networking, and enterprise collaboration platforms. - Experience implementing cybersecurity best practices, including MFA, endpoint security, vulnerability management, and incident response. - Experience managing technology vendors, software licensing, procurement, and IT budgets. - Strong understanding of security frameworks such as SOC 2, NIST Cybersecurity Framework, ISO 27001, CIS Controls, or similar standards. - Excellent project management, communication, and stakeholder management skills. - Ability to balance strategic planning with hands-on execution in a fast-paced environment. Additional Preferred Qualifications - Experience supporting a remote or hybrid workforce. - Experience in consumer packaged goods (CPG), health and wellness, nutraceutical, dietary supplement, manufacturing, or e-commerce industries. - Experience supporting ERP, warehouse management, CRM, HRIS, and supply chain technologies. - Familiarity with compliance requirements related to FDA-regulated businesses or consumer products. - Experience leading SOC 2, ISO 27001, or similar security certification efforts. - Professional certifications such as CISSP, CISM, Security+, CCSP, PMP, ITIL, or equivalent. - Experience implementing automation and AI-enabled solutions that improve operational efficiency. - Demonstrated success building IT organizations from the ground up. What Does Success Look Like in This Role - Developed a clear IT and information security roadmap aligned with Rho's strategic priorities. - Strengthened Rho's cybersecurity posture by implementing scalable security controls and reducing organizational risk. - Established reliable IT support processes that deliver a consistently excellent employee experience. - Improved identity and access management through standardized onboarding, offboarding, and role-based access controls. - Built strong partnerships across departments and become a trusted advisor on technology decisions. - Increased operational efficiency through thoughtful technology improvements and automation. - Developed disaster recovery, incident response, and business continuity plans that are regularly tested and maintained. - Improved visibility into technology assets, licensing, vendor performance, and IT spending. - Successfully managed external vendors while establishing the foundation for a scalable internal IT organization. - Created an IT environment that is secure, reliable, scalable, and capable of supporting Rho's continued growth. Why Join Rho Nutrition At Rho Nutrition, you’ll be part of a team that is passionate about helping people live healthier, stronger lives through evidence-based nutrition. We believe great work happens when talented people are empowered to innovate, collaborate, and grow. Joining Rho means contributing to a mission-driven company that values integrity, curiosity, and continuous improvement—while giving you the opportunity to make a real impact on the health and performance of the communities we serve. If you’re motivated by purpose and excited to work alongside people who care deeply about results and relationships, Rho Nutrition is a place where your work truly matters.

United States

Role Description As a Cybersecurity Engineer, you will collaborate closely with Cybersecurity, Engineering, and Service teams to address escalated issues, manage SOC escalations, and support new security initiatives. We are looking for an Engineer with leadership presence, possessing strong technical and interpersonal skills, familiarity with industry-standard tools, the ability to work under pressure, and the ability to mentor junior members of the team. - High interaction with the Security, Engineering and Service teams, responding to escalated issues in a timely fashion - Respond and action alerts from our SOC escalations and security tooling to maintain health and security of our platform - Lead Incident coordination between internal and external entities in alignment with regulatory requirements - Utilize interpersonal and technical skills to effectively communicate with management, peers, and clients - Maintain an awareness of security and control issues in emerging technologies - Ability to scope, implement and support new security projects/initiatives - Ownership and follow up of pending issues to resolution Qualifications - Minimum 5 years’ experience in a system engineering or technical security role - A Bachelor’s Degree in MIS, Computer Science or similar focus - Microsoft Certified (MCSE) or equivalent certification a plus - Microsoft Cloud Security certifications preferred - Security Certificate such as; CompTIA CySA, Security+ and Network+ CISA, ISC-2 CC Requirements - Familiarity with industry standard tools and applications (such as Palo Alto, Cisco Meraki, SonicWall, Fortigate, SentinelOne, ThreatLocker, MS Defender, G-Suite, Content Filtering, Protective DNS) - Heavy experience with the Incident Response lifecycle - Familiarity with Microsoft (Office365 & Azure) and Citrix (Virtual Apps & Desktops) technologies - Familiarity with open-source intelligence gathering - Scripting ability and experience working with API endpoints such as MS Graph - Ability to navigate and utilize a ticketing system (such as ConnectWise or Service Now) - Experience with change management and security remediation processes - Experience with security documentation, technical and policy writing - Ability to deliver technical/security information or concepts in a user-friendly format - Takes ownership and excels in both independent and team project work - Ability to work under pressure and with short deadlines - Occasional on call nights, weekend and emergency on call is required within this role Benefits - Exposure to diverse array of technologies - Part of a team of experienced technicians that aim to deliver exceptional service - Competitive compensation - Robust benefits package: medical, dental, vision, disability, life insurance, 401k, and PTO - Opportunities to further technical education

United States