Principal Cybersecurity Architect - Network Security Posture Management

Principal Cybersecurity Architect – Network Security Posture Management

San Francisco, California, United States

IonQ, Inc. is the world's leading quantum platform and merchant supplier - delivering integrated quantum solutions across computing, networking, sensing, and security. IonQ's newest generation of quantum computers, the IonQ Tempo, is the latest in a line of cutting-edge systems that have been helping customers and partners including Amazon Web Services, and AstraZeneca achieve 20x performance results and accelerate innovation in drug discovery, materials science, financial modeling, logistics, cybersecurity, and defense. In 2025, the company achieved 99.99% two-qubit gate fidelity, setting a world record in quantum computing performance. Headquartered in College Park, Maryland, IonQ has operations in California, Colorado, Massachusetts, Tennessee, Washington, Italy, South Korea, Sweden, Switzerland, Canada, and the United Kingdom. Our quantum computing services are available through all major cloud providers, while we also meet the needs of networking and sensing customers across land, sea, air, and space. IonQ is making quantum platforms more accessible and impactful than ever before.

This role can work onsite or hybrid in San Francisco Bay Area, CA. Travel: Up to 10% Job ID: 1560

The Role

We are looking for a Principal Cybersecurity Architect to own the security posture strategy for our Network Security Posture Management (NSPM) platform. You'll work at the intersection of network security, compliance, and platform engineering — defining how the platform assesses, measures, and enforces security posture across large, heterogeneous network environments.

In this role, your primary focus is designing and codifying security posture assessment rules that map network device configurations and behaviors against established security standards — and building the framework that makes it easy to onboard new standards as they emerge. You bring deep NSPM expertise, a strong understanding of network security principles, and the ability to translate complex compliance requirements into actionable, automatable rules that operate at scale across thousands of devices.

Responsibilities

• Design and own the security posture assessment rule framework, defining how device configurations, network behaviors, and access controls are evaluated against security standards including NIST CSF, CIS Benchmarks, ISO 27001, FISMA, and FedRAMP.
• Build and maintain a scalable rule authoring and lifecycle management system that allows new security standards and custom organizational policies to be onboarded, versioned, and deployed without platform re-architecture.
• Continuously monitor the evolving threat and compliance landscape — translating emerging standards, regulatory changes, and new CVEs into updated posture assessment rules that keep the platform current and defensible.
• Define the risk scoring and prioritization model that aggregates individual posture findings into a coherent, actionable security posture score at the device, segment, and enterprise level.
• Collaborate with platform engineering teams to ensure posture assessment rules execute efficiently at scale across large network device fleets, with well-defined APIs for rule ingestion, evaluation, and results delivery.
• Engage with enterprise customers and internal stakeholders to understand their compliance requirements, translating them into platform capabilities and serving as the authoritative security subject matter expert for the product.
• Partner with Product and Engineering to shape the NSPM roadmap, ensuring security posture capabilities remain ahead of the regulatory curve and deliver measurable value to network security and compliance teams.
• Mentor engineers and security analysts on posture rule design, threat modeling, and compliance mapping, establishing rigorous review processes that ensure accuracy and defensibility of every assessment rule shipped.

Requirements

• 12+ years of experience in cybersecurity, network security, or security architecture, with at least 5 years in a senior or principal capacity focused on network security posture, compliance, or policy enforcement at scale.
• Deep, hands-on experience with Network Security Posture Management (NSPM) platforms and tools, with a demonstrable track record of designing and operationalizing posture assessment rules across large enterprise networks.
• Comprehensive knowledge of major security standards and frameworks including NIST CSF, CIS Benchmarks, ISO 27001, FISMA, and FedRAMP, with the ability to interpret control requirements and translate them into precise, automatable assessment rules.
• Strong understanding of network device security — including firewall policy analysis, routing protocol security, access control, and configuration hardening across multi- vendor environments (Cisco, Juniper, Palo Alto, Fortinet).
• Proven ability to operate across both strategic and technical dimensions — engaging executive stakeholders on compliance risk while working closely with engineering teams on rule design, data modeling, and platform integration.

Preferred Qualifications

• Industry certifications such as CISSP, CISM, CCNP Security, or equivalent credentials that demonstrate deep, validated expertise in network security and information security management.
• Prior experience at a network security vendor, MSSP, or large enterprise security team, with direct exposure to how security posture policies are enforced across complex, multi- vendor network infrastructures.
• Familiarity with Zero Trust architecture principles and their practical application to network segmentation, device trust, and least-privilege access enforcement in enterprise environments.
• Experience contributing to or authoring security standards, CIS Benchmark profiles, or DISA STIGs, or participation in industry working groups focused on network security policy and compliance.
• Understanding of CVE lifecycle management, SBOM analysis, and vulnerability correlation as they apply to network device firmware and software supply chain risk assessment.

The approximate base salary range for this position is $248,557 - $325,425. The total compensation package includes base, bonus, equity, and a range of benefit options found on our career site.

Compensation will vary based on individual factors such as education, qualifications, and experience of the final candidate(s), specific office location, and calibration against relevant market data and internal team equity. Posted base salary figures are subject to change as new market data becomes available. Our benefits include comprehensive medical, dental, and vision plans, matching 401K, unlimited PTO and paid holidays, parental/adoption leave, legal insurance, and a home technology stipend. Details of participation in these benefit plans will be provided when a candidate receives an offer of employment.

At IonQ, we believe in fair treatment, access, opportunity, and advancement for all while striving to identify and eliminate barriers. We empower employees to thrive by fostering a culture of autonomy, productivity, and respect. We are dedicated to creating an environment where individuals can feel welcomed, respected, supported, and valued. We are committed to equity and justice. We welcome different voices and viewpoints and do not discriminate on the basis of race, religion, ancestry, physical and/or mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, transgender status, age, sexual orientation, military or veteran status, or any other basis protected by law. We are proud to be an Equal Employment Opportunity employer.

US Technical Jobs. The position you are applying for will require access to technology that is subject to U.S. export control and government contract restrictions. Employment with IonQ is contingent on either verifying "U.S. Person" (e.g., U.S. citizen, U.S. national, U.S. permanent resident, or lawfully admitted into the U.S. as a refugee or granted asylum) status for export controls and government contracts work, obtaining any necessary license, and/or confirming the availability of a license exception under U.S. export controls. Please note that in the absence of confirming you are a U.S. Person for export control and government contracts work purposes, IonQ may choose not to apply for a license or decline to use a license exception (if available) for you to access export-controlled technology that may require authorization, and similarly, you may not qualify for government contracts work that requires U.S. Persons, and IonQ may decline to proceed with your application on those bases alone. Accordingly, we will have some additional questions regarding your immigration status that will be used for export control and compliance purposes, and the answers will be reviewed by compliance personnel to ensure compliance with federal law.

US Non-Technical Jobs. Due to applicable export control laws and regulations, candidates must be a U.S. citizen or national, U.S. permanent resident (i.e., current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum. Accordingly, we will have some additional questions regarding your immigration status that will be used for export control and compliance purposes, and the answers will be reviewed by compliance personnel to ensure compliance with federal law.

If you are interested in being a part of our team and mission, we encourage you to apply!