Principal Cybersecurity Architect

Principal, Cybersecurity Architect

Remote (EST Candidates only)

6 Month CTH

Notes:

Remote position - Must work in Eastern Standard Time.

Work Schedule: Mostly work up to 9 AM EST, US time. Working through 10:00 - 11:00 EST occasionally.

Contract to hire opportunity. 6-month assignment duration with possibility for extension.

Candidate must be willing to relocate to Raleigh, NC to convert to full-time. Open to temporary remote-only assignments as well for candidates unable to relocate.

Ideal Candidate Profile Summary:

- Must Have: 10+ years' experience in cybersecurity architecture and engineering, with deep expertise across cloud, infrastructure, and application domains.

- Must Have: Be able to translate business requests into technical architecture documents. Knowledge of cybersecurity architecture. Be able to talk to all people in organization and drive cybersecurity strategy.

- Must Have: See JD for cloud knowledge, cybersecurity tools, etc. Must have technical skills with people skills

About the Role

The Principal, Cybersecurity Architect is a senior individual contributor role reporting to the Sr. Director of Cybersecurity Services. This position serves as a top-level technical expert responsible for shaping enterprise-wide security architecture strategy, defining security standards, and embedding cybersecurity into all layers of technology across AAP.

The Principal Architect drives architectural excellence, ensures alignment between cybersecurity and business objectives, and provides deep technical leadership across multi-cloud, infrastructure, application, and emerging technology domains. This role partners extensively with architects, engineering teams, IT leadership, and business stakeholders to deliver secure-by-design solutions and continuously improve the organization’s security posture.

Key Responsibilities

Security Architecture Leadership

Develop and maintain the enterprise security architecture strategy, ensuring alignment with business, technology, and threat landscapes.

Define and evolve reference architectures, models, standards, templates, and reusable security patterns for use across projects and operations.

Lead the development of architecture roadmaps covering on-premises environments and multi-cloud platforms (AWS, GCP).

Cloud & Infrastructure Security

Lead security architecture for AWS and GCP, ensuring secure network design, identity, data protection, logging/monitoring, and workload security.

Validate infrastructure components (firewalls, IPS, WAF, EDR/antimalware, etc.) against best practices and recommend improvements.

Architect and guide implementation of advanced cloud security controls, including encryption, network segmentation, key management, and workload protection.

Identity, Access, and Zero Trust

Design and enforce IAM strategy and architecture, including SSO, MFA, RBAC, least privilege, and identity lifecycle management.

Apply Zero Trust principles to enterprise architecture, identity, data, applications, and network boundaries.

Security Strategy, Risk & Threat Intelligence

Track industry, technology, and threat trends; integrate insights into architectural decisions and cybersecurity strategy.

Conduct threat modeling (STRIDE, PASTA, MITRE ATT&CK) to inform secure solution design.

Ensure architectural alignment with regulatory, compliance, and industry frameworks (NIST, ISO 27001, SOC 2, HIPAA, PCI).

Architecture Review & Governance

Perform architecture reviews for cloud, applications, infrastructure, and configurations to ensure adherence to enterprise security standards.

Serve as a trusted advisor to enterprise architects, solution architects, engineering teams, and product teams.

Collaborate with control owners and security engineers to define and allocate appropriate security controls.

OT/IoT & Emerging Technology Security

Partner with operational and facility management teams to review cybersecurity controls for OT and IoT systems.

Incident Response & Technical Expertise

Provide advanced architectural guidance during security incidents, including cloud forensics, containment strategies, and remediation design.

Continuous Innovation & Improvement

Evaluate new security technologies, methodologies, and automation capabilities to strengthen enterprise security posture.

Contribute to continuous improvement initiatives across cybersecurity services, engineering, and operations teams.

Required Qualifications

10+ years of experience in cybersecurity architecture and engineering, with deep expertise across cloud, infrastructure, and application domains.

Proven experience designing, implementing, and governing enterprise-scale security architectures.

Strong understanding of security architecture frameworks, principles, and best practices (e.g., Zero Trust, data isolation, encryption).

Hands-on experience with AWS and GCP security services and controls.

Experience with NIST, ISO 27001, MITRE ATT&CK, and other security frameworks.

Background in process optimization methodologies (Lean, Six Sigma, ITIL, Agile).

Experience with container and serverless security (Kubernetes, Docker, Helm).

Hands-on experience with SIEM, SOAR, EDR, cloud security tools, and vulnerability management.

Strong communication skills, including the ability to influence technical and nontechnical stakeholders.

Preferred

Certifications such as CISSP, CISM, CISA, ITIL, Lean Six Sigma, PMP, or architecture frameworks.

Experience in large, complex enterprises or regulated industries.

Expertise in cybersecurity automation, scripting, and security analytics.