IT Security Architect

Role       : IT Security Architect

Location: New York, NY

Duration: 3 years

MOI        : Telephonic & MS Teams

Primary Skills: Active Directory, PAM, PKI, Cloud platforms, Endpoint Security, Azure AD, Entra ID and modern SIEM/EDR. platforms.

This is an Architect role. Need Candidates with a Minimum of 10+ Years of Experience. This is a 100% Remote role but we need Local Candidates only at this point in time.

Candidate must work as an Architect on at least 2 Projects.

About the Role:

• We are seeking a highly skilled Security Architect to play a pivotal role in strengthening our organization's defenses against evolving cyber threats.
• You will design, implement, and oversee security frameworks that ensure the integrity, confidentiality, and availability of our IT infrastructure spanning Active Directory, cloud platforms, endpoint security, and beyond.
• This is a role for someone who thrives in complex environments, brings technical expertise in enterprise security architecture, and is passionate about proactively defending modern IT ecosystems.

Key Responsibilities:

Identity & Access Security

• Enhance the security posture of Active Directory and Entra ID (Azure AD) through hardening and segmentation.
• Implement a Tiered Administrative Model to minimize the risk of lateral movement within privileged environments.
• Deploy and manage Privileged Access Management (PAM) solutions to ensure secure, role-based access control.
• Harden Kerberos configurations and monitor ticket activity for anomalous behavior and potential compromise.
• Conduct regular audits of AD and directory services configurations to identify risks and enforce security best practices.

Vulnerability & Configuration Management

• Lead efforts in vulnerability management across Windows and Linux platforms, ensuring timely remediation of known threats.
• Assist in the deployment of automated patching and configuration management tools to enforce security baselines and detect unauthorized changes.
• Security Monitoring & Incident Response
• Utilize SIEM solutions for real-time detection, monitoring, and analysis of security events.
• Integrate Endpoint Detection & Response (EDR) tools for advanced behavioral analysis and threat detection.
• Implement Collaborate on incident response efforts and continuously improve detection and response workflows.

PKI & Certificate Lifecycle Management

• Modernize and oversee certificate lifecycle management, including issuance, renewal, and revocation.
• Integrate PKI with MFA solutions to bolster authentication controls.
• Conduct regular audits of PKI environments to ensure alignment with internal policies and external standards.

Security Governance & Assessments

• Review risk assessment reports and partner with stakeholders to mitigate findings.
• Conduct regular security assessments, including infrastructure reviews and secure code evaluations, to proactively identify and remediate vulnerabilities.

Zero Trust Architecture

• Drive adoption of a Zero Trust model by implementing continuous identity and device verification mechanisms.
• Enforce least privilege access and design conditional access policies that leverage real-time risk intelligence.

 Preferred Qualifications:

• 7+ years in enterprise IT security, with at least 3 years in an architectural or design-focused role.
• Expertise in Active Directory, Azure AD/Entra ID, PAM, PKI, and modern SIEM/EDR platforms.
• Hands-on experience with Zero Trust models, multi-factor authentication, and behavior-based threat detection.
• Proficiency in security automated response mechanisms to contain and mitigate threats upon detection.
• Y in securing hybrid cloud/on-prem environments.
• Familiarity with frameworks such as NIST, CIS Controls, and ISO 27001 is a plus.
• Strong analytical, communication, and documentation skills.