Job Specifications
Title: Security Architect
Location: [City, State or Remote/Hybrid Onsite]
Employment Type: [Full-time | Contract | Contract-to-Hire]
Clearance: [If applicable]
Travel: [e.g., ~10%]
Reports To: [CISO / Director of Security / Head of Infrastructure]
Role Summary
We are seeking a Mid-Senior Security Architect to design and evolve enterprise security architecture across on‑prem and cloud environments (AWS/Azure). This role will own high-level security frameworks and reference architectures, partner closely with SOC/IR/engineering teams to strengthen detection and response, and drive secure-by-design patterns across infrastructure, applications, and endpoints. The ideal candidate blends deep technical breadth with the leadership and communication skills to influence senior stakeholders and guide engineering teams.
Core Responsibilities
Architecture & Strategy
Create and maintain security reference architectures, blueprints, and roadmaps for network, endpoint, identity, cloud (AWS/Azure), and data protection.
Define and govern security standards, patterns, and guardrails (e.g., network segmentation, zero trust, bastion patterns, key vaulting, least privilege).
Lead architecture reviews and threat modeling for new platforms, services, and integrations; ensure secure-by-design principles.
Partner with Infrastructure, Cloud, and App Engineering to translate business goals into resilient security architecture and control objectives.
Security Operations (Defense & Detection)
Collaborate with the SOC to mature alerting, correlation, and detection engineering (SIEM/SOAR, EDR, cloud-native telemetry).
Work with Threat Hunters to refine hypotheses, prioritize visibility gaps, and improve log coverage and detections.
Guide Malware Analysis inputs into control tuning, sandboxing, and endpoint hardening strategies.
Incident Response
Serve as a technical lead during security incidents, advising on containment, eradication, and recovery playbooks.
Conduct post-incident reviews; drive root cause remediation through architecture changes and hardening measures.
Testing & Offensive Security
Partner with Penetration Testing teams to scope tests and translate findings into architectural fixes and prioritized backlog items.
Oversee Vulnerability Management governance; align with Endpoint Security Engineers and domain SMEs to ensure timely patching and compensating controls.
Governance, Risk & Compliance
Map controls to relevant frameworks and regulations (e.g., NIST CSF/800-53, ISO 27001, CIS Benchmarks, PCI-DSS, SOC 2).
Contribute to policy development, exception management, and control attestation; support audits and assessments.
Key Skills & Qualifications
Must-Have
10+ years in Information Security with hands-on security engineering/analysis and 3-5+ years in security architecture roles.
Strong knowledge of network protocols, firewalls, proxies, VPNs, segmentation, and zero trust concepts.
Expertise across operating systems (Linux/Windows), identity & access (AD/Azure AD, SSO, MFA, PAM), and endpoint security (EDR, hardening).
Cloud security depth in AWS and/or Azure: IAM, network controls (Security Groups/NSGs), KMS/Key Vault, logging/monitoring, container security, IaaS/PaaS security patterns.
Experience collaborating with SOC/IR, threat hunting, and vulnerability management teams.
Soft skills: excellent communication, influence, and stakeholder leadership; ability to simplify complex risks and drive outcomes.
Certifications (Preferred)
CISSP, CISM, CCSP, or relevant cloud/security vendor certifications (e.g., AWS Security Specialty, Microsoft SC-100/SC-200, SANS/GIAC).
Tools & Technologies (Nice-to-Have)
SIEM/SOAR (e.g., Splunk, Sentinel), EDR/XDR (e.g., CrowdStrike, Defender), WAF/IDS/IPS, CASB, SASE/ZTNA.
Cloud security tools (e.g., Prisma, Wiz, Defender for Cloud), IaC (Terraform), container security (EKS/AKS, admission controllers).
Secrets management & KMS, PKI, DLP, Data Security Posture tools.
Desired Skills and Experience
10+ years in Information Security with hands-on security engineering/analysis and 3-5+ years in security architecture roles.
Strong knowledge of network protocols, firewalls, proxies, VPNs, segmentation, and zero trust concepts.
Expertise across operating systems (Linux/Windows), identity & access (AD/Azure AD, SSO, MFA, PAM), and endpoint security (EDR, hardening).
Cloud security depth in AWS and/or Azure: IAM, network controls (Security Groups/NSGs), KMS/Key Vault, logging/monitoring, container security, IaaS/PaaS security patterns.
Experience collaborating with SOC/IR, threat hunting, and vulnerability management teams.
Soft skills: excellent communication, influence, and stakeholder leadership; ability to simplify complex risks and drive outcomes.
Beacon Hill is an equal opportunity employer and individuals with disabilities and/or protected veterans are encouraged to apply.
California residents: Qualified applications with arrest or conviction records will be considered fo