Principle Cybersecurity Architect

Job Description

Job Description
Principle Cybersecurity Architect
Location: Boston, MA (Remote)
Role Type: Contract

Core Requirements:
• 10+ years of experience in cybersecurity architecture and engineering.
• Must have experience designing Post-Quantum Cryptography (PQC) strategies and crypto-agility frameworks for enterprise environments.
• Hands-on expertise in confidential computing using Trusted Execution Environments (TEEs).
• Lead architecture and deployment of identity threat detection & response (ITDR) solutions.
• Establish secure workload identity frameworks leveraging SPIFFE/SPIRE for zero-trust service-to-service authentication across distributed systems.
• Secure inference pipelines utilizing TensorRT-LLM and Triton Inference Server.
• Use Backstage IDP to Integrate security controls into platform engineering workflows.
• Enforce Kubernetes-native security policies using Kyverno.
• Ensure consistent policy-as-code enforcement across multi-cluster environments.
• Drive cost-aware security architecture aligned with FinOps principles.
• Design and implement post-quantum cryptography to future-proof enterprise security against emerging threats.

Other Requirements:
• Experience building privacy-preserving systems using differential privacy and federated learning
• Strong background in AI-driven cybersecurity, including UEBA, SOAR automation, and autonomous SOC architectures
• Advanced detection engineering, including detection-as-code and SIEM optimization at scale
• Deep expertise in Zero Trust Architecture (NIST 800-207) including identity-aware access and micro-segmentation
• Strong experience in cloud security across AWS, Azure, and GCP (CSPM, CWPP, CNAPP)
• Proven expertise in IAM/PAM, identity federation, and passwordless authentication (FIDO2, biometrics)
• Experience with DevSecOps (SAST, DAST, SCA, SBOM, secure SDLC)
• Strong knowledge of threat modeling frameworks (STRIDE, MITRE ATT&CK)
• Hands-on experience with SIEM/SOAR platforms and incident response automation
• Expertise in Kubernetes and container security, including runtime protection
• Experience in API security and service mesh security (mTLS, Zero Trust networking)
• Strong understanding of data security (DLP, encryption, tokenization, HSM-based key management)

Key Responsibilities:
Security Architecture & Strategy
• Define and implement enterprise-wide security architecture strategy across cloud and hybrid environments
• Lead Zero Trust transformation initiatives to reduce attack surface and improve security posture
• Design crypto-agility and future-proof encryption strategies for evolving threat landscapes Advanced Security Engineering
• Architect and deploy AI-driven threat detection and response systems
• Design and implement privacy-preserving and confidential computing solutions
• Lead post-quantum security readiness initiatives Cloud & Platform Security
• Secure large-scale multi-cloud and Kubernetes environments
• Design and deploy CNAPP platforms integrating CSPM, CWPP, and CIEM
• Build scalable DevSecOps pipelines with integrated security controls Threat & Risk Management
• Lead threat modeling, red teaming, and adversarial simulations
• Develop and enhance threat intelligence platforms aligned with MITRE ATT&CK
• Drive detection engineering and security observability improvements Data Protection & Resilience
• Architect enterprise data protection platforms (encryption, tokenization, DLP)
• Design cyber resilience strategies, including ransomware defense and recovery mechanisms

Note
Preferred Qualifications:
• Experience in financial services, telecom, or government sectors
• Familiarity with regulatory frameworks (SOC2, ISO 27001, HIPAA, PCI-DSS)
• Certifications such as CISSP, CISM, CCSP, AWS Security Specialty
• Experience leading large-scale security transformation programs
• Bachelor's or Master's in Computer Science, Cybersecurity, or related field (Master's preferred)