Job Details
Job Title: IT Security Architect
Job Location: New York, NY
Job Description:
We are seeking a highly skilled Security Architect to play a pivotal role in strengthening our organization's defenses against evolving cyber threats. You will design, implement, and oversee security frameworks that ensure the integrity, confidentiality, and availability of our IT infrastructure, spanning Active Directory, cloud platforms, endpoint security, and beyond. This is a role for someone who thrives in complex environments, brings technical expertise in enterprise security architecture, and is passionate about proactively defending modern IT ecosystems.
Key Responsibilities:
Identity & Access Security:
Enhance the security posture of Active Directory and Entra ID (Azure AD) through hardening and segmentation.
Implement a Tiered Administrative Model to minimize the risk of lateral movement within privileged environments.
Deploy and manage Privileged Access Management (PAM) solutions to ensure secure, role-based access control.
Harden Kerberos configurations and monitor ticket activity for anomalous behavior and potential compromise.
Conduct regular audits of AD and directory services configurations to identify risks and enforce security best practices.
Vulnerability & Configuration Management:
Lead efforts in vulnerability management across Windows and Linux platforms, ensuring timely remediation of known threats.
Assist in the deployment of automated patching and configuration management tools to enforce security baselines and detect unauthorized changes.
Security Monitoring & Incident Response:
Utilize SIEM solutions for real-time detection, monitoring, and analysis of security events.
Integrate Endpoint Detection & Response (EDR) tools for advanced behavioral analysis and threat detection.
Implement automated response mechanisms to contain and mitigate threats upon detection.
Collaborate on incident response efforts and continuously improve detection and response workflows.
PKI & Certificate Lifecycle Management:
Modernize and oversee certificate lifecycle management, including issuance, renewal, and revocation.
Integrate PKI with MFA solutions to bolster authentication controls.
Conduct regular audits of PKI environments to ensure alignment with internal policies and external standards.
Security Governance & Assessments:
Review risk assessment reports and partner with stakeholders to mitigate findings.
Conduct regular security assessments, including infrastructure reviews and secure code evaluations, to proactively identify and remediate vulnerabilities.
Zero Trust Architecture:
Drive adoption of a Zero Trust model by implementing continuous identity and device verification mechanisms.
Enforce least privileged access and design conditional access policies that leverage real-time risk intelligence.
Preferred Qualifications:
7+ years in enterprise IT security, with at least 3 years in an architectural or design-focused role.
Expertise in Active Directory, Azure AD/Entra ID, PAM, PKI, and modern SIEM/EDR platforms.
Hands-on experience with Zero Trust models, multi-factor authentication, and behavior-based threat detection.
Proficiency in securing hybrid cloud/on-prem environments.
Familiarity with frameworks such as NIST, CIS Controls, and ISO 27001 is a plus.
Strong analytical, communication, and documentation skills.