Jobs · himalayas
IS Principal Security Architect
Vantage Compute · United States · Posted 18d ago
About the role
Establish and govern secure technology architecture across hybrid and multi-cloud environments.
SUMMARY: The Principal Security Architect is a key member of the CISO organization responsible for establishing and governing secure technology architecture across hybrid on-premises and multi-cloud environments. This role serves as a trusted subject matter expert partnering with infrastructure, application, data, and cloud platform teams to translate security strategy, regulatory expectations, and industry best practices into practical reference architectures, security standards, and design requirements. The Principal Security Architect leads architecture review and assurance activities to ensure solutions are implemented in alignment with approved designs and enterprise standards, and drives remediation of identified security and control gaps across identity, network segmentation, data protection, monitoring, CI/CD, and third-party integrations. Owns enterprise security reference architectures, design standards, and security patterns across the organization. Has authority to approve, require modification of, or reject proposed designs that do not meet established security requirements, and ensures deviations are formally governed through the enterprise exception management process. RESPONSIBILITIES: Engage in project intake and early design phases to define security requirements prior to implementation. Partner with infrastructure, application, and cloud teams to embed security-by-design into initial architecture decisions and reduce downstream rework and exception volume. Serve as a subject matter expert for the evaluation, design, and secure adoption of infrastructure, cloud platforms, applications, and enterprise technologies, ensuring security requirements are incorporated throughout the solution lifecycle. Lead security architecture review and assurance activities by assessing proposed and existing designs, network and application architecture diagrams, and technology implementations against enterprise standards, reference architectures, threat models, and control requirements; defining security requirements and guardrails; and validating implemented solutions align with approved designs and enterprise standards. Identify and drive remediation of security and control gaps across identity, network segmentation, data protection, logging/monitoring, key management, CI/CD, and third-party integrations in partnership with Infrastructure, Application, Data, and Cloud Platform teams. Design security architecture for Microsoft Fabric and lakehouse patterns (Bronze/Silver/Gold), including secure data ingestion pipelines (e.g., Data Factory), least-privilege access using service principals and managed identities, strong data governance controls such as classification, labeling, lineage, and policy enforcement via Microsoft Purview, and secure storage and access boundaries through encryption and customer-managed keys (where applicable). Define secure ingestion and connectivity patterns for on-premises systems (e.g., EMR/Epic, relational databases) and third-party platforms (e.g., Snowflake), including segmentation, traceability, and segregation of duties between data engineering and data consumers. Define and enforce security architecture for AI platforms and agent-based solutions (e.g., Copilot Studio, Azure AI services), including identity and access controls for service principals and managed identities, least-privilege connector design, data protection and prompt handling safeguards, logging and traceability of agent actions, and integration with enterprise data governance controls (e.g., Microsoft Purview). Assess and integrate acquired entities into the enterprise security architecture by evaluating inherited environments, identifying control gaps, and defining transition architectures that align to enterprise standards while accounting for operational constraints. Define and maintain Microsoft Entra ID security architecture standards, including Conditional Access, phishing-resistant MFA, PIM, RBAC design, privileged access workflows, and application identity governance. Define secure network architecture patterns including segmentation, private networking, egress controls, firewall policy, and DNS security considerations across on-premises and cloud environments. Define enterprise logging, telemetry, and monitoring architecture requirements, including SIEM integration, retention standards, and visibility requirements across on-premises, cloud, research, and AI environments. Own and maintain enterprise security configuration standards and baselines across endpoints, infrastructure, cloud platforms (Azure and AWS), identity services, AI/agent platforms, and controlled environments including research and AI enclaves. This includes Windows, Linux and macOS systems, network devices, cloud-native services, Microsoft Entra ID, and AI agent frameworks. Ensure alignment with CIS Benchmarks and internal policy requirements and validate adoption through architecture governance and coordination with engineering and
Read the full posting on himalayas →
FAQ
Is the IS Principal Security Architect role at Vantage Compute remote?+
This IS Principal Security Architect position is listed as remote (United States).
What is the salary for the IS Principal Security Architect role at Vantage Compute?+
The listing states Estimated 100k-231k USD.
What seniority level is this IS Principal Security Architect role?+
This is a principal level position.
How do I apply for the IS Principal Security Architect role at Vantage Compute?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Vantage Compute.