Job Description

We're hiring a Enterprise Cyber Security Solution Architect for a great client we know well.  Please send resume and rate expectation for immediate consideration for these roles and other opportunities!

Location: North Tampa, FL (4 days onsite and 1 day remote) 
Contract salary range:  $125,000-$145,000 with 16 accrued days off + all client holidays paid for, medical benefits are also available.
(Retention bonus in lieu of relocation bonus may be considered for highly qualified candidates, subject to client approval.)
2 year contract with intention to convert following 6 months. 
FTE/Direct hire Salary once converted: Max $137K + Benefits: 401K (6% match), Pension plan, Stock plan, annual merit increase, and annual targeted 10% company performance paid bonus

POSITION CONCEPT

The Enterprise Cyber Security Solution Architect is responsible for designing, maturing, and governing enterprise wide cybersecurity solutions that protect critical information assets and infrastructure. This role serves as a solution architect and technical authority, defining future state architectures, security standards, and multi year roadmaps, while partnering with engineering teams, system integrators, and Managed Security Services (MSS) for execution and operations.

This position provides architectural leadership across Identity and Access Management (IAM) and Identity Governance (IGA), Privileged Access Management (PAM), Data Loss Prevention (DLP), Application Security, Public Key Infrastructure (PKI), and other cross tower cybersecurity capabilities. The role focuses on architecture, integration, and governance and does not perform hands on implementation or day to day administration.

________________________________________

PRIMARY DUTIES AND RESPONSIBILITIES

Identity Management & Identity Governance

(IAM / IGA – Microsoft Entra ID & Saviynt) – 35%

Responsible for the enterprise architecture, strategy, and maturity of Identity Management and Identity Governance & Administration capabilities.

•               Define and maintain IAM and IGA reference architectures, standards, and roadmaps aligned with Zero Trust and least privilege principles.

•               Provide solution architecture leadership for Microsoft Entra ID, including passwordless authentication, Conditional Access, advanced SSO, and identity federation patterns.

•               Architect and mature Saviynt IGA capabilities, including RBAC models, enterprise role catalogs, entitlement management, and access certifications.

•               Design identity controls to mitigate BYOD exposure, leveraging Conditional Access, session controls, and device trust strategies.

•               Lead enterprise integrations with CyberArk PAM, ServiceNow, SAP, and other business applications.

•               Govern non human and workload identities in coordination with PAM and IGA platforms.

________________________________________

Privileged Access Management

(PAM – CyberArk) – 25%

•               Serve as the enterprise PAM solution architect and design authority.

•               Define and lead the PAM maturity roadmap, supporting pilot deployments, enterprise rollout, and transition to MSS (Managed Service Partner) operations.

•               Architect advanced CyberArk capabilities including privileged session recording, Secure Credential Access (SCA), Secure Web Access (SWA), Just In Time (JIT) provisioning, access decoupling, and excessive privilege reduction.

•               Establish PAM reference architectures and standards across on premises, cloud, hybrid, and OT environments.

•               Provide architectural oversight and governance to system integrators to ensure scalable, secure, and compliant solutions.

________________________________________

Data Loss Prevention

(DLP – Microsoft Purview and Other Tools) – 15%

•               Serve as the solution architect for enterprise DLP capabilities, including Microsoft Purview.

•               Define architectural patterns for data classification, labeling, and protection across email, endpoints, cloud services, and data at rest.

•               Align DLP designs with IAM, Conditional Access, and data governance requirements.

•               Partner with Legal, Compliance, and Risk teams to ensure solutions meet regulatory and privacy requirements.

________________________________________

Application Security

Architecture & Secure SDLC Enablement – 15%

•               Define secure application reference architectures, design patterns, and secure coding standards.

•               Partner with development and DevOps teams to integrate security into the Software Development Lifecycle (SDLC) through design reviews and secure by design principles.

•               Provide architectural guidance for authentication, authorization, and secure data handling aligned with IAM, PAM, and DLP strategies.

•               Support application security risk assessments and security architecture reviews for business critical and high risk systems.

________________________________________

PKI & Certificate Management – 5%

•               Provide architectural leadership and governance for enterprise PKI and certificate lifecycle management.

•               Define standards for certificate issuance, renewal, revocation, and automation.

•               Support certificate based authentication strategies, including passwordless initiatives.

________________________________________

Cyber Defense & Security Governance (Cross Tower) – 5%

•               Contribute to architecture and governance of cyber defense and detection capabilities, including threat detection and response alignment.

•               Participate in development of enterprise security standards, policies, and control frameworks.

•               Serve as a trusted advisor in security architecture reviews and enterprise risk discussions.

________________________________________

RELATIONSHIPS

Key Internal:

Information Security, Enterprise Architecture, IAM/IGA teams, Application Development, Infrastructure, Cloud, Compliance, Risk, Audit, and Executive Leadership.

Key External:

System Integrators, Security Technology Vendors, Managed Security Service Providers, Auditors, and Industry Partners.

________________________________________

QUALIFICATIONS (SUMMARY)

•               Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, Engineering, or equivalent experience

•               8+ years of cybersecurity or IT experience with strong enterprise architecture exposure

•               Demonstrated expertise across IAM/IGA, PAM, DLP, Application Security, and PKI

•               Strong communication, documentation, and strategic planning skills

Licenses/Certifications

Required:        From the list of certification vendors, two related Information Security professional certification or ability to obtain via self-study within one year of hire date (ex: (ISC)2, GIAC, ISACA, CompTIA, e-Council, etc.).

Preferred:        ITIL v3 and three or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CEH, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP).

Related Experience

Required:        8 years of related Cyber Security or IT experience (Information Systems Audit or Assessor role, Information Security role, systems management, systems administration, information systems security, system certification, risk analysis) with a focus on DLP and/or FIM solutions and security controls. 

Knowledge/Skills/Abilities (KSA)

Required:       

•               Possess an expert level of knowledge in the discipline of cybersecurity as well as a high level of competency in architecture, methodologies, and best practices for IAM, Data Protection, and Application and Infrastructure Security concepts, strategies, standards, functions, capabilities, and technologies.

•               A solid understanding of fundamental principles of cybersecurity, including threat landscape, vulnerabilities, and risk management.

•               Significant high-level system/security engineering experience with broad knowledge across many technologies.

•               Knowledge of systems security engineering (SSE) principles and practices.

•               Knowledge of secure software deployment principles and practices.

•               Knowledge of data classification tools and techniques.

•               Knowledge of enterprise architecture (EA) reference models, frameworks, principles, and practices.

•               Knowledge of the Open Systems Interconnect (OSI) reference model.

•               Knowledge of configuration management tools and techniques.

•               Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices.

•               Familiarity with relevant security standards and frameworks such as NIST Special Publication 800-53, ISO 27001, and others depending on the industry.

•               Knowledge of applicable laws and regulations governing information security, privacy, and data protection.

•               Understanding of information technology systems, network architecture, and common technologies to assess security controls effectively.

•               Knowledge of security control frameworks and their implementation, including access controls, encryption, and incident response.

•               Knowledge of advanced cybersecurity tools and platforms, such as SIEM, IDS/IPS, endpoint protection, and threat intelligence solutions, for effective risk analysis and mitigation.

•               Ability to conduct comprehensive risk assessments, identifying and analyzing security risks to information systems.

•               Technical skills to assess security controls, perform vulnerability assessments, and understand the technical aspects of security implementations.

•               Strong communication skills to effectively convey assessment findings, risks, and recommendations to technical and non-technical stakeholders.

•               Ability to create clear and detailed documentation, including assessment plans, reports, and recommendations.

•               Critical thinking and problem-solving skills to analyze complex security issues and recommend appropriate solutions.

•               Keen eye for detail to identify vulnerabilities, weaknesses, and discrepancies in security controls and documentation.

•               Ability to adapt to evolving cybersecurity threats, technologies, and regulatory requirements.

•               Ability to analyze complex datasets and identify trends and patterns that could indicate cybersecurity risks or vulnerabilities.

•               Adherence to ethical standards and professionalism, as SCAs often have access to sensitive information and play a critical role in maintaining the integrity of security assessments.

•               Collaboration with various stakeholders, including system owners, security teams, and management, to ensure a comprehensive understanding of the information system and its security controls.

•               Commitment to continuous learning and staying updated on the latest.

WORKING CONDITIONS

Normal working condition with occasional weekend and overtime requirements, including on-call rotational support.

PHYSICAL DEMANDS/ REQUIREMENTS

Normal physical demands related to an office workplace environment.