Principal Security Architect

We are seeking an experienced and strategic Principal Security Engineer to lead the design, implementation, and oversight of enterprise-class network and cloud security across our global infrastructure. This role blends deep technical expertise with strategic leadership and focuses on securing our on-premises data centers, public cloud platforms, and enterprise network edge using best-in-class tools like Palo Alto and Cisco.

This is a hands-on leadership role that influences global security architecture, mentors’ engineers, and collaborates with cross-functional teams to protect our digital assets at scale.

Key Responsibilities

Security Architecture & Engineering

• Lead the design and evolution of security controls across hybrid cloud and on-prem environments.
• Architect and implement network segmentation, next-gen firewall policies, and zero-trust access models.
• Define secure connectivity strategies across WAN, remote access, data centers, and cloud networks.

Technology Ownership

• Serve as SME for Palo Alto Networks firewalls, Prisma Access, and Panorama.
• Lead security configuration, lifecycle management, and policy enforcement on Cisco security platforms (ASA, ISE, Firepower, Umbrella).
• Harden security for multi-cloud platforms (AWS, Azure, GCP) including IAM, VPCs, firewalls, and API security.

Operations & Response

• Lead threat detection and response for network and infrastructure incidents.
• Collaborate with SOC, GRC, and infrastructure teams to close security gaps and maintain compliance.
• Continuously improve security monitoring, alerting, and forensics capabilities.

Security Automation & Tooling

• Integrate security into CI/CD pipelines and infrastructure provisioning via Terraform, Ansible, or Python.
• Automate security posture checks and drift detection in public cloud and data center environments.
• Work with vulnerability management platforms and integrate findings into remediation workflows.

Governance, Risk & Compliance

• Define security baselines and configuration standards for networking and infrastructure teams.
• Ensure compliance with frameworks such as ISO 27001, NIST, CIS, and industry-specific requirements.
• Participate in audits, risk assessments, and security reviews for new technologies and vendors.

Required Qualifications

• 10+ years of experience in infrastructure or network security, with 3+ years in a principal or lead role.
• Deep expertise in Palo Alto Networks products and Cisco security platforms.
• Strong understanding of cloud security architecture and native security tools in AWS, Azure, and/or GCP.
• Experience securing on-premise and hybrid data centers, including virtualization and SDN technologies.
• Proven experience designing and enforcing enterprise security policies across global networks.
• Solid knowledge of routing/switching protocols (BGP, OSPF), VPNs, DNS security, and NAC.
• Familiarity with SIEM, NDR, and EDR tools for detection and response.
• Scripting/automation proficiency (Python, Bash, PowerShell, or IaC tools).

Preferred Qualifications

• Certifications such as PCNSE, CISSP, CCNP Security, AWS/Azure Security Specialty.
• Experience with identity federation (SAML, OAuth), secrets management, and PKI.
• Background in segmentation frameworks (e.g., SCADA/ICS, OT security), or data loss prevention (DLP).
• Experience in DevSecOps or cloud-native security tooling.

We are an equal-opportunity employer and do not discriminate because of race, color, religion, sex, national origin, ancestry, marital status, veteran status, age, disability, sexual orientation or gender identity or expression or any other legally protected category. InterSystems is an E-Verify Employer in the United States.