Enterprise Security Analyst

Kavaliro is seeking an Enterprise Security Architect to support a client in Texas. Work Location Jersey City, NC, Houston, TX, Orlando, or Durham, NC office and is subject to our hybrid working policy, which gives colleagues the benefits of working both in an office and remotely. About The Role The Enterprise Security Architect will help to lead the design, implementation, and oversight of secure systems and architectures across our organization. This role is critical to embedding security into enterprise processes, aligning with industry standards, and building a scalable security foundation. The ideal candidate will bring deep technical expertise, strong communication skills, and the ability to work independently or collaboratively to drive security initiatives and foster a security-first culture. Responsibilities Design, document, and maintain secure architecture patterns, diagrams, and reference architectures to guide security implementations across the organization. Conduct comprehensive security reviews of applications, systems, and networks, identifying vulnerabilities and recommending secure design strategies. Perform threat modeling and risk assessments to identify potential vulnerabilities and recommend appropriate mitigating controls. Partner with enterprise and line-of-business architects to integrate security seamlessly into designs and processes. Translate complex technical security concepts into clear, actionable insights for C-level executives, business leaders, non-technical stakeholders, and technical engineering teams. Recommend mitigating controls, security tools, and remediation strategies to address security gaps and minimize risk. Stay current on security threats, vulnerabilities, and technologies to enhance the organization’s security posture. Promote a security-first culture by mentoring technical teams, educating stakeholders, and embedding security best practices into organizational workflows. Skills and Qualifications 7 years of hands-on experience in infrastructure, systems, networks, applications, or cloud security. Ability to create and review diagrams using tools such as Visio or Lucidchart. Familiarity with secure architecture patterns, reference architectures, and frameworks. Expertise in SaaS, PaaS, and IaaS environments, including platforms like AWS, Azure, M365, and Salesforce. Experience working with various identity and access management (IAM) solutions such as CyberArk, Okta, Ping Identity, Entra ID / Azure AD, and other tools supporting SSO, MFA, and PAM. Familiarity with tools like Jira, Confluence, and ServiceNow for workflow management and documentation. Expertise in threat modeling, vulnerability management, and risk assessments. Working knowledge of regulatory requirements and compliance standards such as NYDFS, CCPA, GLBA, PCI-DSS, HIPAA, SOX, and GDPR. Relevant certifications such as CISSP, CCSP, or equivalent. Ability to work independently or collaboratively in a team-oriented environment. Bachelor’s degree in a relevant field or proven record of experience in Information Technology and Cyber Security roles. Technical Skills Familiarity with protocols such as SAML, OAuth, OIDC, FIDO, PKI, JWT, LDAP, and Kerberos. Strong knowledge of common network protocols, including TCP / IP, HTTP / HTTPS, DNS, SMTP, SNMP, SSH, and VPN technologies. Expertise in encryption technologies (e.g., TLS, AES, RSA) and key management practices (e.g., KMS, HSM, PKI). Familiarity with firewalls, IDS / IPS, WAF, VPN, Routers, Switches, Load Balancers, Zero-Trust, microsegmentation, and SD-WAN security solutions, CASB, Proxy, SSE. Experience with SIEM tools such as Splunk, QRadar, or ArcSight and logging / monitoring best practices. Knowledge of Docker, Kubernetes, EKS, ECS, and OCP, including their security considerations. Proficiency in integrating security into DevOps pipelines with tools such as Jenkins, GitHub, Artifactory, Terraform, and Vault. Common Security and Architecture Frameworks Security Frameworks : NIST Cybersecurity Framework (CSF) ISO 27001 and 27002 CSA CCM (Cloud Controls Matrix) CIS Controls Architecture Frameworks : SABSA (Sherwood Applied Business Security Architecture) TOGAF (The Open Group Architecture Framework) AWS Well-Architected Framework Preferred Certifications TOGAF (The Open Group Architecture Framework) SABSA Foundation or Practitioner CISSP-ISSAP (Concentration in Security Architecture) Certified Cloud Security Professional (CCSP) GIAC Security Architecture (GDSA) AWS Certified Solutions Architect – Associate or Professional AWS Certified Security – Specialty Microsoft Certified : Azure Solutions Architect Expert Soft Skills Strong analytical and problem-solving abilities. Excellent interpersonal and collaboration skills. Strong organizational and time management skills. Adaptability and a commitment to continuous learning of new technologies and methodologies. Attention to detail and dedication to delivering high-quality results. High level of integrity and ethical conduct. Industry-Specific Experience Experience in financial services, insurance, or other regulated environments. Proven ability to design and implement security controls that align with industry regulations and standards. Experience conducting security assessments and audits in regulated industries. Familiarity with industry-specific threats and vulnerabilities to tailor security solutions. Compensation The anticipated salary range for this position is $145,000 to $165,000 at the commencement of employment. Not all candidates will be eligible for the upper end of the salary range. The actual compensation offered will ultimately be dependent on multiple factors, which may include the candidate’s geographic location, skills, experience and other qualifications. In addition, the position is eligible for a discretionary bonus in accordance with the terms of the applicable incentive plan. Benefit Offerings Include : Health and Wellness : We offer a range of medical, dental and vision insurance plans, as well as mental health support and wellness initiatives to promote overall well-being. Retirement Savings : We offer retirement benefits options, which vary by location. In the U.S., our competitive 401(k) Plan offers a generous dollar-for-dollar Company matching contribution of up to 6% of eligible pay and a Company contribution equal to 3% of eligible pay (subject to annual IRS limits and Plan terms). These Company contributions vest immediately. Employee Assistance Program : Confidential counseling services and resources are available to all employees. Matching charitable donations : Company matches donations to tax-exempt organizations 1 : 1, up to $5,000. Volunteer Time Off : Employees may use up to 16 volunteer hours annually to support activities that enhance and serve communities where employees live and work. Paid Time Off : Eligible employees start off with at least 24 Paid Time Off (PTO) days so they can take time off for themselves and their families when they need it. Eligibility for and participation in employer-sponsored benefit plans and Company programs will be subject to applicable law, governing Plan document(s) and Company policy. Kavaliro provides Equal Employment Opportunities to all employees and applicants. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Kavaliro is committed to the full inclusion of all qualified individuals. In keeping with our commitment, Kavaliro will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and / or to receive all other benefits and privileges of employment, please respond to this posting to connect with a company representative.