Cybersecurity Architect (15+ years of expereince required)

Position: Cybersecurity Architect

Location: Dallas, TX - Onsite

Job Description:

Role Overview

As a Level 4 Senior Network Security Consultant you will oversee and support our critical security infrastructure. This role requires hands-on expertise with Proofpoint (POD, TRAP, TAP, Email Security), Imperva WAF, Zscaler cloud security platform, and Cisco ISE, Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), for managing, supporting, and optimizing endpoint security solutions such as CrowdStrike, Trellix (formerly McAfee ePolicy Orchestrator), and other endpoint protection platforms. The role involves designing, implementing, and maintaining security solutions, incident response, policy development, and supporting secure network architectures.

Key Responsibilities

• Manage and support Proofpoint email security solutions including POD (Proofpoint On-Demand), TRAP (Threat Response Attachment Protection), TAP (Targeted Attack Protection), and overall email security architecture.
• Configure, monitor, and troubleshoot Imperva WAF for web application security.
• Implement and manage Zscaler security platform for cloud-based internet security.
• Maintain and optimize Cisco ISE for network access control and segmentation.
• Lead incident response efforts related to network security threats.
• Conduct security assessments, audits, and compliance checks.
• Develop and enforce security policies and procedures.
• Mentor junior staff and lead security projects.
• Collaborate with vendors and cross-department teams to ensure security measures are effective and up-to-date.
• Administer and troubleshoot enterprise PKI infrastructure including Microsoft ADCS.
• Manage certificate lifecycle: issuance, renewal, revocation, and CRL/OCSP validation.
• Integrate Venafi for certificate automation and orchestration across multi-cloud/hybrid environments.
• Manage external SSL/TLS certificates with DigiCert, including domain validation and SAN/Wildcard certs.
• Perform PKI health checks, vulnerability remediation, and root/intermediate CA maintenance.
• Define and implement certificate governance and key management best practices.
• Deploy, manage, and optimize Microsoft Defender for Cloud Apps (MDCA) for SaaS discovery, OAuth app governance, and conditional access enforcement.
• Operate Netskope CASB for inline and API mode enforcement.
• Implement shadow IT discovery, sanctioned app policies, and anomaly detection.
• Design, implement, and fine-tune DLP policies across endpoint, email, and cloud channels.
• Manage Microsoft Purview DLP including sensitive information types, EDMs, and trainable classifiers.
• Operate Trellix (McAfee) and Netskope DLP for endpoint and policy enforcement..
• Lead false positive tuning, incident analysis, and cross-platform correlation.
• Deploy, configure, and maintain endpoint security solutions including CrowdStrike Falcon, Trellix, and other AV/EDR tools.
• Monitor endpoint security alerts and respond promptly to threats or incidents.
• Perform regular updates, patch management, and health checks on endpoint security agents.
• Develop and enforce endpoint security policies across the organization.
• Conduct endpoint security assessments and vulnerability scans.
• Collaborate with IT teams to ensure endpoints are compliant with security standards.
• Investigate and analyze security incidents related to endpoints.
• Provide training and support to end-users and IT staff on endpoint security best practices.
• Stay current with emerging threats and evolving endpoint security technologies.
• Document procedures, incident reports, and security configurations.

Required Skills

• 15+ years of experience, Strong knowledge of network security protocols, Endpoint, and Data security architectures.
• Experience with incident response and forensic analysis.
• Communication and leadership skills.
• Ability to stay current with emerging security threats and technologies.

Certifications Preferred

• Certified Information Systems Security Professional (CISSP)
• Cisco Certified Network Associate (CCNA) Security
• Cisco Certified Network Professional (CCNP) Security
• Proofpoint Certified Security Professional
• Imperva Certified Security Professional
• Cisco Identity Services Engine (ISE) Specialist Certification (if available)
• Zscaler Certified Cloud Security Engineer (ZCCSE) or equivalent
• MCSE, SC-200,
• Trellix DLP,
• Netskope Certified Cloud Security Administrator (NCCSA),
• CompTIA Security+.
• Certified Endpoint Security Professional
• CompTIA Security+ or CySA+
• CrowdStrike Certified Falcon Administrator
• Trellix Endpoint Security Certification