Associate Enterprise Security Architect
Upbound Group · Plano, TX · 1 wk ago
Information TechnologyFull-time
Key Responsibilities
- Aid in developing and maintaining enterprise security architecture standards, patterns, reference architectures and designs (identity, network segmentation, endpoint, cloud, application, data protection, AI, etc.)
- Aid in building the Enterprise Security Architecture framework for the company utilizing SABSA methodology at the direction of a SABSA certified architect.
- Participate in architecture and design reviews to ensure major initiatives align with enterprise security principles, approved patterns, and business objectives.
- Help define security requirements and controls that can be reused across teams, products, and platforms, including AI controls focused on GenAI, Agents, Agentic, MCP, RAG, etc.
- Support the creation and maintenance of target-state security roadmaps (e.g., Zero Trust adoption, logging and detection strategy, IAM modernization, AI Security).
- Contribute to security governance processes, including exception handling, risk acceptance support, and documenting architectural decisions.
- Partner with Security Engineering and IT to ensure enterprise standards can be implemented operationally (pragmatic, measurable, and supportable).
- Assist in vendor and technology evaluations to ensure tools align with architectural standards and integrate with the broader ecosystem.
- Map security architecture to compliance frameworks and internal policies (NIST CSF, NIST AI RMF, SOC 2, ISO 27001, PCI DSS, etc.), ensuring designs support auditability.
- Contribute to metrics and reporting on architecture adoption (pattern usage, exceptions, gaps, and roadmap progress).
- Maintain clear architecture documentation and communicate standards to stakeholders through presentations, docs, and working sessions.
Focus Areas
- Identity and Access Management (SSO, MFA, lifecycle automation, privileged access)
- Network and segmentation models (Zero Trust, secure access, remote connectivity)
- Cloud security baselines (landing zones, guardrails, policy-as-code)
- Data classification and protection (encryption, key management, DLP, DSPM)
- AI Security (data security and governance, model security, API, IAM, IRP)
- Logging, monitoring, and detection architecture (SIEM strategy, telemetry standards)
- Secure SDLC guardrails (security gates, code scanning standards, secrets management)
Required Qualifications
- 2 to 5+ years of experience in information security, security engineering, IT, systems engineering, or related technical roles.
- Familiarity with cloud concepts and shared responsibility (AWS, Azure, and/or GCP) and how security guardrails are implemented in cloud environments.
- Experience with design and implementation of AI security controls for enterprise environments.
- Ability to translate security risk into clear requirements and actionable guidance for engineering and IT teams.
- Strong documentation and communication skills (comfortable writing standards and presenting to stakeholders).
- Understanding of common security frameworks and control concepts (e.g., NIST CSF, NIST AI RMF, NIST 800-53, CIS Controls, OWASP, PCI/DSS, etc.).
- Familiarity with SABSA Enterprise Security methodology.
- Self-accountability is a must.
Preferred Qualifications
- Exposure to enterprise architecture concepts (capability models, target-state roadmaps, architecture review boards).
- Exposure to SABSA Enterprise Security methodology, in practice.
- Experience contributing to Zero Trust programs, segmentation strategies, enterprise IAM modernization and enterprise AI security.
- Familiarity with GRC processes (risk exceptions, control mapping, audit support), without being purely a compliance role.
- Experience with security architecture modeling or diagramming (e.g., C4, ArchiMate, Visio/Lucidchart).
- Experience in security solutions design and evaluation.