Senior Security Architect

We are seeking a Senior Security Architect who is not just a theoretician, but a practitioner. In this role, you will be the bridge between our security vision and the engineering reality. You will join a team where technical depth is non-negotiable, but where the ability to influence, guide, and mentor is equally critical.
We need someone who understands the Secure Software Development Lifecycle (SSDLC) and internal Security Operations best practices inside and out—not just as a compliance checklist, but as a seamless part of the engineering process. You must be able to stand “toe-to-toe” with senior engineers, understanding their code and constraints, while guiding them toward secure architectural decisions, as well as holistically look at the IT Security Operations toolkit and help implement automated solutions securely.

Key Responsibilities

• SSDLC and Security Operations Leadership: Partner and work with the Secure Software Development Lifecycle. Provide best practices to integrate security tooling (SAST, DAST, SCA) into CI/CD pipelines in a way that empowers developers rather than blocking them. For Security Operations
• Technical Partnership: Act as the primary security liaison to Product and Engineering teams. Participate in architectural reviews and deep-dive technical discussions where you can credibly challenge and improve engineering designs.
• Mentorship & Culture: Serve as a technical mentor to junior members of the security team and a security evangelist to the engineering organization.
• Design & Standards: Define and maintain secure coding standards and reference architecture. Write code/scripts where necessary to demonstrate “what good looks like.”
What We’re Looking For
• Engineering and IT Ops DNA: You have a strong background in software engineering or systems architecture as well as a firm understanding of modern IT Infrastructure. You can read code, write scripts, and understand complex distributed systems. You don’t just find vulnerabilities; you understand how to fix them in the code along with a positive disposition of collaboration and readiness with the various development teams. You can also work with the internal security team to improve and/or automate operational processes to enhance efficiencies.
• SSDLC Expertise: Proven experience designing and implementing SSDLC programs in a modern DevOps/Agile environment.
• Architectural Depth: Deep understanding of cloud security, identity management (IAM), microservices architecture, and API security.
• Communication & Soft Skills: This is a critical requirement. You must possess the emotional intelligence to navigate disagreements, influence without direct authority, and explain complex security concepts to non-technical stakeholders.
• Mentorship: A demonstrated history of leveling up those around you—whether it’s teaching a junior analyst how to perform a code review or helping a senior developer understand a cryptographic flaw.

Preferred Qualifications

• Tech Stack Proficiency: Strong familiarity with the Solarwinds core engineering stack, specifically C# / .NET Core for platform services, and Go (Golang) or Java for modern SaaS microservices.
• Cloud & Infrastructure: Hands-on experience architecting security for hybrid environments, with a specific focus on Microsoft Azure (primary) and AWS. Proficiency with Kubernetes (K8s), Docker, and container security is highly valued.
• Infrastructure as Code (IaC): Ability to secure and review infrastructure defined in Terraform or Ansible.
• Database Security: Familiarity with securing Microsoft SQL Server (MSSQL) and modern data stores like PostgreSQL or MongoDB.
• Scripting & Automation: Proficiency in Python or PowerShell for writing security automation scripts and glue code.
• Security Tooling: Experience integrating SAST/DAST/SCA tools (e.g., Github Advanced Security, Veracode, SonarQube, or similar) directly into Azure DevOps or GitHub Actions pipelines.
• Compliance & Certifications: Industry certifications such as CISSP, CCSP, or OSCP are a plus, as is experience with frameworks like NIST 800-53 or ISO 27001.