Senior Cyber Security Architect to lead the design, deployment and governance of enterprise cybersecurity platforms

Senior Cyber Security Architect to lead the design, deployment and governance of enterprise cybersecurity platforms

Overview

We are seeking a highly senior Identity, PKI, and Privileged Access Security Architect to lead the design, deployment, and governance of enterprise cybersecurity platforms. This role requires deep expertise in PKI, Active Directory / Entra ID, CyberArk PAM, and Hardware Security Modules (HSMs) across complex, large-scale environments. The ideal candidate combines hands on technical mastery with strong architectural leadership, automation expertise, and compliance-driven design.

Must haves:

• 10+ years of experience as a Cyber Security Architect in PKI and CyberArk PAM
• Extensive hands-on experience with enterprise PKI rollout and management
• Proven experience with CyberArk Vault, PSM (on prem), and CyberArk SaaS
• Deep expertise in CyberArk automation, APIs, and system integrations
• Strong experience with HSM platforms, specifically Thales (or equivalent)
• Advanced knowledge of Active Directory and Microsoft Entra ID
• Demonstrated experience operating in large, complex enterprise environments
• Strong security architecture skills using frameworks such as TOGAF
• Excellent understanding of security compliance frameworks (NIST, ISO, etc.)

Nice to haves:

• Experience with Keyfactor or other external PKI management platforms
• Experience in regulated industries (financial services, healthcare, government)
• Exposure to Zero Trust or cloud identity security models

Key Responsibilities

PKI & Cryptographic Services

• Lead enterprise wide PKI architecture, rollout, and lifecycle management
• Design, operate, and secure internal and external Certificate Authorities (CAs)
• ntegrate PKI with Active Directory, Entra ID, and external providers (e.g., Keyfactor)
• Manage certificate issuance, renewal, revocation, and automation at scale
• Ensure secure key handling, rotation, and storage aligned with cryptographic best practices

Hardware Security Modules (HSM)

• Design and operate SM backed cryptographic solutions
• Hands on experience with Thales HSM platforms (and similar enterprise HSM vendors)
• Ensure HSM integration with PKI, CyberArk, and identity platforms
• Enforce secure key custody aligned with regulatory and compliance requirements

Privileged Access Management (PAM)

• Lead architecture and operations for CyberArk PAM solutions, including:
• CyberArk Vault (on premises)
• CyberArk SaaS / EPM / PSM
• Deep hands on experience with CyberArk PSM (Privileged Session Manager)
• Design and implement CyberArk automation, API integrations, and onboarding pipelines
• Secure privileged accounts across infrastructure, applications, cloud, and DevOps platforms

Identity & Directory Services

• Architect and manage enterprise Active Directory and Microsoft Entra ID
• Integrate identity with PKI, PAM, and access control workflows
• Enforce strong authentication, authorization, and identity lifecycle governance

Architecture, Strategy & Governance

• Act as an enterprise security architect, defining long term identity, PKI, and PAM strategy
• Apply TOGAF or equivalent enterprise architecture frameworks
• Align designs with Zero Trust principles
• Partner with infrastructure, cloud, application, and network teams on secure design

Compliance & Risk Management

• Ensure solutions comply with NIST, ISO 27001, ISO 22301, and related frameworks
• Support audits, risk assessments, and regulatory reviews
• Define control standards and security architecture patterns

Leadership & Communication

• Communicate complex security concepts to executive, architectural, and engineering audiences
• Produce architecture documentation, standards, and roadmaps
• Serve as a senior escalation point and trusted technical authority