Cyber Security Architect

Job Description: The Senior Security Architect will manage and support enterprise-wide security solutions, including email, web, cloud, and endpoint security platforms. This role involves designing, implementing, monitoring, and optimizing security systems, performing incident response and threat analysis, enforcing security policies, and mentoring junior staff. The architect will collaborate with vendors and internal teams to ensure a secure and compliant IT environment. Responsibilities: Manage and support Proofpoint email security solutions, including POD, TRAP, TAP, and overall email security architecture. Configure, monitor, and troubleshoot Imperva WAF for web application security. Implement and manage Zscaler security platform for cloud-based internet security. Maintain and optimize Cisco Client for network access control and segmentation. Lead incident response efforts related to network security threats. Conduct security assessments, audits, and compliance checks. Develop and enforce security policies and procedures. Mentor junior staff and lead security projects. Collaborate with vendors and cross-department teams to ensure security measures are effective and up-to-date. Administer and troubleshoot enterprise PKI infrastructure, including Microsoft ADCS. Manage certificate lifecycle: issuance, renewal, revocation, and CRL/OCSP validation. Integrate Venafi for certificate automation and orchestration across multi-cloud/hybrid environments. Manage external SSL/TLS certificates with DigiCert, including domain validation and SAN/Wildcard certificates. Perform PKI health checks, vulnerability remediation, and root/intermediate CA maintenance. Define and implement certificate governance and key management best practices. Deploy, manage, and optimize Microsoft Defender for Cloud Apps (MDCA) for SaaS Client, OAuth app governance, and conditional access enforcement. Operate Netskope CASB for inline and API mode enforcement. Implement shadow IT Client, sanctioned app policies, and anomaly detection. Design, implement, and fine-tune DLP policies across endpoint, email, and cloud channels. Manage Microsoft Purview DLP, including sensitive information types, EDMs, and trainable classifiers. Operate Trellix and Netskope DLP for endpoint and policy enforcement. Lead false positive tuning, incident analysis, and cross-platform correlation. Deploy, configure, and maintain endpoint security solutions, including CrowdStrike Falcon, Trellix, and other AV/EDR tools. Monitor endpoint security alerts and respond promptly to threats or incidents. Perform regular updates, patch management, and health checks on endpoint security agents. Develop and enforce endpoint security policies across the organization. Conduct endpoint security assessments and vulnerability scans. Collaborate with IT teams to ensure endpoints are compliant with security standards. Investigate and analyze security incidents related to endpoints. Provide training and support to end-users and IT staff on endpoint security best practices. Stay current with emerging threats and evolving endpoint security technologies. Document procedures, incident reports, and security configurations. Required Skills: 15+ years of experience in network, endpoint, and data security architectures. Strong knowledge of network security protocols and architectures. Experience with incident response and forensic analysis. Excellent communication and leadership skills. Ability to stay current with emerging security threats and technologies. Certifications Preferred: Certified Information Systems Security Professional (CISSP). Cisco Certified Network Associate (CCNA) Security. Cisco Certified Network Professional (CCNP) Security. Proofpoint Certified Security Professional. Imperva Certified Security Professional. Cisco Client Specialist Certification (if available). Zscaler Certified Cloud Security Engineer (ZCCSE) or equivalent. MCSE, Client-200. Trellix DLP. Netskope Certified Cloud Security Administrator (NCCSA). CompTIA Security+ or CySA+. Certified Endpoint Security Professional. CrowdStrike Certified Falcon Administrator. Trellix Endpoint Security Certification.