Enterprise Security Architect in Remote at Foxtrot Division
NewJob Function: Information Technology
Foxtrot Division
Remote
Posted on
New job! Apply early to increase your chances of getting hired.
Explore Related Opportunities
Job Description
Enterprise Security Architect
Required QualificationsBenefits and Perks
Foxtrot Division is positioned at the forefront of cyber systems engineering, driven by a mission to create secure systems that empower our clients to excel in their endeavors. At the heart of our success are our people-our dedicated engineers and team members-whose expertise, creativity, and passion are the bedrock of our success. We understand that our strength lies in the collective spirit and the unique talents of our team, which is why we deeply value and invest in their growth and well-being. Our mission is rooted in transcending the ordinary, a force that unites us and propels us forward. We are not content with business as usual; we are the rockstars of our industry, challenging the status quo, and setting the pace for innovation and excellence. Our DNA-thinking deeply, speaking boldly, leading by example, and striving to be great-defines us and our approach to everything we do. At Foxtrot Division, we are committed to leading the way, ensuring that our products, services, and team members are aligned with our core purpose. Through this alignment, we aim to leave a lasting, positive impact on the world, driving us further and faster towards our vision of excellence, with our people leading the charge.
This role will directly consult with and advise customer security, architecture, infrastructure, network, cloud, and operations leaders on the design and modernization of enterprise security capabilities. The Enterprise Security Architect will translate strategic objectives and identified risks into practical target-state architectures, technical standards, and implementation roadmaps spanning secure ingress and egress, firewalls, application delivery and web application security, PKI, IAM, cloud security, encrypted traffic inspection, network visibility, SIEM, logging, and infrastructure automation.
Key Responsibilities- Serve as the lead architect and subject matter expert for enterprise security strategy, design, and modernization across on-premises, managed hosting, hybrid, and cloud environments.
- Define and maintain a cohesive, layered security architecture that clearly establishes trust boundaries, control placement, security responsibilities, and where prevention, detection, response, and visibility should occur throughout the environment.
- Establish standardized front-door patterns for externally accessible applications and services using technologies such as F5 BIG-IP, Akamai, cloud-native web application firewalls, and other approved edge-security controls.
- Develop phased migration strategies to place existing public-facing websites and applications behind approved enterprise ingress and application-security services, including workloads hosted in data centers, managed hosting environments, Microsoft Azure, and Amazon Web Services.
- Identify and address direct-to-origin exposure and other paths that could allow traffic to bypass approved application delivery, certificate management, logging, or security controls.
- Design secure and resilient enterprise ingress and egress architectures, including additional egress capabilities, security service chaining, load-balancer-based architectures, centralized certificate management, and highly available traffic-management patterns.
- Evaluate the effectiveness of border, upstream, mid-tier, and downstream firewall controls. Identify opportunities to simplify rule sets, eliminate unnecessarily permissive access, improve early-path blocking, and reduce the operational burden placed on downstream security platforms.
- Validate whether network and application-security controls are operating as intended through architecture reviews, configuration analysis, traffic-flow validation, and telemetry assessment. Collaborate with service providers and engineering teams to identify enforcement, visibility, and ownership gaps across security layers.
- Establish and lead an enterprise PKI architecture, including certificate authority and trust models, certificate enrollment and issuance, key protection, revocation, lifecycle management, governance, automation, and integration with enterprise and cloud-hosted systems.
- Define enterprise IAM architecture patterns addressing authentication, authorization, identity federation, privileged access, machine and workload identities, network access control, and the integration of identity context with infrastructure and application-security controls.
- Provide architectural oversight and hands-on technical guidance for technologies including Cisco ASA, Cisco Identity Services Engine, Palo Alto Networks next-generation firewalls, F5 BIG-IP, IAM platforms, web application firewalls, and related enterprise security capabilities.
- Define reusable security architecture patterns for Azure and AWS, including secure ingress and egress, network segmentation, cloud WAF services, identity integration, certificate management, security logging, and connectivity to enterprise security platforms.
- Provide security architecture leadership for the modernization of large-scale WAN and MPLS-based network environments, including segmentation, resiliency, routing, inspection points, traffic flows, availability requirements, and future-state security objectives.
- Develop an enterprise strategy for encrypted traffic inspection and TLS decryption at scale. Determine appropriate inspection locations while accounting for security value, application compatibility, privacy, performance, availability, certificate handling, and exception management.
- Define and optimize the role of Gigamon and similar network-packet-brokering technologies within the enterprise visibility architecture, including traffic collection points, filtering, replication, optimization, and distribution to SIEM, NDR, threat-hunting, and analytics platforms.
- Lead the development of a future-state SIEM, logging, and security-telemetry architecture. Evaluate centralized logging, security data lakes, telemetry pipelines, and platforms such as Cribl while balancing security value, signal quality, scalability, retention, cost, and operational overhead.
- Incorporate infrastructure-as-code, policy-as-code, configuration management, version control, automated testing, and repeatable deployment principles into enterprise security architecture and operational patterns.
- Develop current-state and target-state architecture diagrams, security reference architectures, technical standards, data-flow diagrams, decision records, implementation guidance, and phased modernization roadmaps.
- Communicate complex security architecture concepts, risks, tradeoffs, and recommendations to executive leadership, engineering teams, security operations personnel, application owners, service providers, and other technical and nontechnical stakeholders.
- Bachelor’s degree in computer science, engineering, information systems, cybersecurity, or a related field, or equivalent professional experience.
- Eight or more years of progressive experience in cybersecurity engineering, network security, cloud security, or enterprise infrastructure, including significant responsibility for enterprise-scale architecture and technical design.
- Demonstrated experience developing security architectures for large, complex, and distributed organizations spanning on-premises, managed hosting, hybrid, and cloud environments.
- Broad knowledge of enterprise security architecture, including network security, cloud security, application delivery, web application protection, PKI, IAM, firewalls, SIEM, security logging, threat detection, and network visibility.
- Strong hands-on experience with F5 BIG-IP, including application delivery, load balancing, secure ingress and egress, SSL/TLS services, certificate management, traffic policy, and application-security use cases.
- Strong hands-on experience with Cisco ASA, Cisco Identity Services Engine, and Palo Alto Networks next-generation firewalls or comparable enterprise firewall and network access-control technologies.
- Strong understanding of enterprise network architecture, including routing, segmentation, MPLS and WAN environments, ingress and egress design, high availability, security service placement, encrypted transport, and traffic-flow analysis.
- Experience designing security for externally accessible applications using application delivery controllers, reverse proxies, web application firewalls, edge-security services, DDoS protections, and centralized certificate-management capabilities.
- Experience designing security architectures for Microsoft Azure and Amazon Web Services, including cloud networking, identity integration, cloud-native WAF services, logging, segmentation, certificate management, and hybrid connectivity.
- In-depth understanding of enterprise PKI, including certificate authority hierarchies, trust models, digital certificates, cryptographic keys, enrollment protocols, revocation, TLS, certificate lifecycle management, and automation.
- Experience designing IAM architectures involving authentication, authorization, federation, privileged access, machine identities, workload identities, network access control, and policy-based access enforcement.
- Experience assessing and improving enterprise firewall policies, including rule-base analysis, policy rationalization, least-privilege enforcement, application identification, control placement, and reduction of unnecessary rule complexity.
- Experience designing SIEM, centralized logging, network detection and response, threat-hunting, telemetry-routing, or security-data architectures.
- Understanding of network-packet visibility and traffic-brokering architectures. Experience with Gigamon or a comparable platform is highly desirable.
- Experience developing or supporting enterprise encrypted-traffic inspection and TLS decryption strategies.
- Familiarity with security data pipelines, observability platforms, data-lake architectures, and telemetry-routing technologies such as Cribl or comparable platforms.
- Familiarity with infrastructure-as-code, configuration management, policy automation, version control, and repeatable security deployment practices.
- Demonstrated ability to translate cybersecurity strategy, business requirements, and technical risks into practical architectures, standards, implementation plans, and prioritized roadmaps.
- Exceptional written and verbal communication skills, with the ability to explain complex architectural concepts and technical risks to both engineering and executive stakeholders.
- Demonstrated ability to lead cross-functional initiatives involving infrastructure, network, cloud, application, security operations, vendor, and managed-service-provider teams.
- Relevant professional certification such as CISSP, CCSP, SABSA, TOGAF, or an equivalent security, cloud, network, or architecture certification.
- Authorization to work in the United States.
- Competitive salary, paid biweekly
- $100 monthly reimbursement for cell phone and Internet
- $3000 yearly training budget
- Top-tier medical, dental, and vision insurance coverage
- Medical, dental, and vision insurance premiums covered 100% by Foxtrot Division
- Unlimited PTO policy including 11 paid holidays
- Parental leave
- On-the-spot cash awards
- Foxtrot Division sponsored events and activities
Why Foxtrot? We're not just another security team. We're problem-solvers, innovators, and protectors of the customer's mission. At Foxtrot Division, you'll be empowered to make an impact, encouraged to explore smarter solutions, and supported by a team that values expertise as much as curiosity. Ready to protect the perimeter and push the boundaries? Join us on the front line of cyber defense!
Scan to Apply
Just scan this QR code to apply from your phone.
Job Location
Remote
Frequently asked questions about this position
Continue to apply
Enter your email to continue. You’ll be redirected to the employer’s application.By clicking Continue, you understand and agree to JobTarget's Terms of Use and Privacy Policy.