Role Overview
We are seeking an experienced Security Architect to provide hands-on security architecture support to our Retail business and technology teams. This role partners closely with Retail Technology, Product Architecture, Engineering, and Global Cybersecurity Services to ensure that security requirements are embedded into design decisions, delivery plans, and operational patterns without slowing product execution or over-engineering controls. The contractor will act as a trusted security architecture advisor, helping teams navigate risk, regulatory obligations, and modern architectural patterns across on-prem and cloud-enabled retail platforms.
Initial Focus
Project Vega, a strategic modernization initiative spanning retail platforms, shared services, and modular application components. The Security Architect will:
• Provide security architecture guidance across Vega domains (retail applications, APIs, data flows, identity, infrastructure).
• Perform and document architecture security reviews aligned to Vega design milestones.
• Ensure security patterns align with retail deployment realities (distributed sites, terminals, hybrid connectivity).
• Translate enterprise security standards into practical, implementable guidance for delivery teams.
Key Responsibilities
Security Architecture & Design
• Review and assess solution and platform architectures for retail systems, including application and API design.
• Identify security risks, design gaps, and control dependencies early in the lifecycle; recommend pragmatic mitigations.
• Define and promote security architecture patterns appropriate for retail and hybrid environments (on-prem, cloud-enabled, and distributed sites).
• Embed with Project Vega delivery teams to provide timely, actionable security input throughout discovery, design, build, and rollout.
• Participate in architecture reviews, design forums, and technical deep-dives; provide clear feedback and decision-ready recommendations.
• Support threat modeling and security risk assessments for new or changed capabilities.
• Partner with engineering to resolve findings pragmatically, balancing risk, cost, and delivery timelines.
Governance & Standards Alignment
• Ensure designs align with security architecture principles, applicable regulatory and contractual obligations, and internal security control baselines.
• Contribute to architecture decision records (ADRs) and security review documentation.
• Support audit-ready documentation for design decisions, exceptions, and risk acceptance where required.
Stakeholder Engagement
• Act as a bridge between security, retail technology, and product teams to drive shared outcomes.
• Clearly articulate security risks, options, and tradeoffs to both technical and non-technical stakeholders.
• Provide guidance that enables teams to move forward confidently rather than blocking progress.
Required Experience & Skills
Core Qualifications
• 8+ years of experience in security architecture or senior security engineering roles.
• Demonstrated experience supporting large-scale application or platform modernization programs.
• Strong understanding of application security architecture, identity and access management concepts, API and integration security, and cloud solutions.
• Experience operating in hybrid retail or distributed environments (e.g., stores/sites, terminals/endpoints, hybrid connectivity) strongly preferred.
Technical & Architectural Skills
• Ability to interpret and influence solution architecture diagrams and design artifacts; comfortable working with reference architectures and target-state roadmaps.
• Familiarity with secure SDLC practices, threat modeling techniques, and vulnerability and risk assessment methodologies.
• Comfortable advising on security controls and patterns without prescribing specific vendor tools unless necessary.
Communication & Delivery
• Able to produce clear, concise security architecture documentation (reviews, recommendations, and decision records).
• Comfortable engaging with product managers, solution architects, engineers, and security and risk stakeholders.
• Pragmatic, delivery-oriented mindset with strong professional judgment.