External Perimeter Security Architect
Delphi-US, LLC - Peacemakers in the Talent War · Chicago, IL · 2 days ago
Information Technology$120–$140/hrContract
About the role
Join a leading organization in a strategic security initiative focused on redesigning and hardening external perimeter defenses across cloud and on-premises environments. This role involves assessing current risks, developing phased remediation plans, and implementing operationally effective security controls to minimize exposure.
Key Responsibilities
- ASSESS and REENGINEER the existing external perimeter security architecture for both cloud and on-premises environments.
- DELIVER feasibility assessments and phased remediation roadmaps documented in Confluence.
- CONDUCT connection-by-connection assessments of high-risk network paths, documenting replacement options and breaking findings into milestone-based remediation phases.
- EXTEND architecture controls across hybrid environments, ensuring security measures are operationally effective and business-friendly.
- DESIGN and IMPLEMENT AWS security controls, including SCPs, Resource Policies, and VPC Endpoints to enforce isolation.
- HARDEN IAM controls and access patterns through guardrails.
- CONFIGURE data flow controls and encryption for data at rest and in transit.
- MANAGE multiple AWS accounts, prioritizing and scaling remediation efforts.
- EMBED AI-augmented tooling into architecture review workflows.
- EVALUATE and HARDEN CI/CD pipeline architecture and Infrastructure-as-Code configurations.
- MANTAIN security correctness throughout change lifecycle, establishing segmentation and zero-trust enclaves.
- MAP findings to TTPs to support early detection and remediation.
Required Qualifications
- Deep expertise in network security architecture, external perimeter design, and SD-WAN technologies.
- Strong knowledge of Zero Trust principles and segmentation strategies.
- Hands-on experience securing AWS environments, including Control Tower, Security Hub, Config, GuardDuty, SCPs, Resource Policies, and VPC Endpoints.
- Experience with cloud networking, cross-account security management, and encryption controls for data at rest and in transit.
- Familiarity with CI/CD pipeline security and infrastructure-as-code environments using tools such as Jenkins and Ansible.
- Ability to assess operational risks, develop phased remediation plans, and document architectural recommendations.
- Exposure to AI-assisted development and security tooling, including Claude Code, OpenAI Codex, or Gemini CLI, is highly desirable.
Preferred Qualifications
- Privileged Access Management fundamentals.
- Experience with AI coding agents and security tooling.
- Financial services or regulated environment experience, with a background in designing scalable, secure enterprise architectures.