Principle Cybersecurity Architect

Principle Cybersecurity Architect

Location:

Boston, MA (Remote) Core Requirements

• 10 years of experience in cybersecurity architecture and engineering.
• Must have experience designing Post-Quantum Cryptography (PQC) strategies and crypto-agility frameworks for enterprise environments.
• Hands‑on expertise in confidential computing using Trusted Execution Environments (TEEs).
• Lead architecture and deployment of identity threat detection & response (ITDR) solutions.
• Establish secure workload identity frameworks leveraging SPIFFE/SPIRE for zero‑trust service‑to‑service authentication across distributed systems.
• Secure inference pipelines utilizing Tensor
  
  RT‑LLM and Triton Inference Server.
• Use Backstage IDP to integrate security controls into platform engineering workflows.
• Enforce Kubernetes‑native security policies using Kyverno.
• Ensure consistent policy‑as‑code enforcement across multi‑cluster environments.
• Drive cost‑aware security architecture aligned with Fin Ops principles.
• Design and implement post‑quantum cryptography to future‑proof enterprise security against emerging threats.

• Experience building privacy‑preserving systems using differential privacy and federated learning.
• Strong background in AI‑driven cybersecurity, including UEBA, SOAR automation, and autonomous SOC architectures.
• Advanced detection engineering, including detection‑as‑code and SIEM optimization at scale.
• Deep expertise in Zero Trust Architecture (NIST 800‑207), including identity‑aware access and micro‑segmentation.
• Strong experience in cloud security across AWS, Azure, and Google Cloud Platform (CSPM, CWPP, CNAPP).
• Proven expertise in IAM/PAM, identity federation, and passwordless authentication (FIDO2, biometrics).
• Experience with Dev Sec Ops  (SAST, DAST, SCA, SBOM, secure SDLC).
• Strong knowledge of threat modeling frameworks (STRIDE, MITRE ATT CK).
• Hands‑on experience with SIEM/SOAR platforms and incident response automation.
• Expertise in Kubernetes and container security, including runtime protection.
• Experience in API security and service mesh security (mTLS, Zero Trust networking).
• Strong understanding of data security (DLP, encryption, tokenization, HSM‑based key management).

Define and implement enterprise‑wide security architecture strategy across cloud and hybrid environments.

Lead Zero Trust transformation initiatives to reduce attack surface and improve security posture.

Design crypto‑agility and future‑proof encryption strategies for evolving threat landscapes.

Architect and deploy AI‑driven threat detection and response systems.

Design and implement privacy‑preserving and confidential computing solutions.

Lead post‑quantum security readiness initiatives.

Secure large‑scale multi‑cloud and Kubernetes environments.

Design and deploy CNAPP platforms integrating CSPM, CWPP, and CIEM.

Build scalable Dev Sec Ops  pipelines with integrated security controls.

Lead threat modeling, red teaming, and adversarial simulations.

Develop and enhance threat intelligence platforms aligned with MITRE ATT CK.

Drive detection engineering and security observability improvements.

Architect enterprise data protection platforms (encryption, tokenization, DLP).

Design cyber resilience strategies, including ransomware defense and recovery mechanisms.

• Experience in financial services, telecom, or government sectors.
• Familiarity with regulatory frameworks (SOC2, ISO 27001, HIPAA, PCI‑DSS).
• Certifications such as CISSP, CISM, CCSP, AWS Security Specialty.
• Experience leading large‑scale security transformation programs.
• Bachelor’s or Master’s in Computer Science, Cybersecurity, or related field (Master’s preferred).