Lead Security Architect

TL;DR

Lead Security Architect: Providing design governance for secure infrastructure and technologies within the Enterprise Information Security Office, with an accent on corporate, market, and regulatory compliance. Focus on integrating security controls into DevOps, researching emerging technologies, and influencing security strategy.

Location: Hybrid role based in Reading, United Kingdom; Barcelona, Spain; or Prague, Czech Republic. (Work from home up to 2 days/week, and up to 30 days/year from any location globally.)

Company

hirify.global operates technology and communication innovations that power the global air travel industry, present in 95% of international airports.

What you will do

• Provide approvals for enterprise and solution architects to ensure infrastructure design compliance with security architecture governance.
• Document governance and approval decisions in wikis, architecture documents, blueprints, and other artifacts.
• Provide security architecture guidance and guardrails throughout the infrastructure lifecycle.
• Collaborate with DevOps teams and Product Owners to develop automated security controls as part of DevSecOps initiatives.
• Research emerging infrastructure security technologies and trends.
• Influence hirify.global's security policy, standards, and overall infrastructure security strategy.

Requirements

• 8+ years experience in an IT environment.
• In-depth knowledge of technical cyber security controls, including Next-Generation Firewalls, Network IDS/IPS, WAF, EDR, encryption, IAM, SIEM, and vulnerability management.
• Strong understanding of cloud-based architecture (IaaS, CI/CD pipelines) and cloud-based security controls (SASE, CSPM, CASB).
• Strong understanding of security automation (Ansible, Terraform, Puppet) and operating system/IT infrastructure hardening (CIS Benchmarks).
• Demonstrated application of key security principles: defence in depth, zero trust, least privilege, and segregation of duties.
• Excellent understanding of software-defined networking (SD WAN) and key networking technologies (IPv4 & v6, OSPF, BGP, IPSEC, MACSEC, DNSSEC).
• Experience with PCI DSS compliant designs and P2PE.
• Degree in a technical discipline or sufficient work experience.
• CISSP, CISM, or similar certification in the security field.

Nice to have

• Design experience with complex distributed DNS infrastructure (Anycast, RPZs).
• Sound understanding of PKI, privileged access/identity management.
• Knowledge of data privacy/security principles and Data Loss Prevention techniques.
• Exposure to working with global Internet, IP Transit, Metro-E, and MPLS providers.
• Knowledge of management of Windows, Linux, VMware, and KVM environments at scale.
• Previous experience with Agile and/or DevOps methodologies.

Culture & Benefits

• Diverse and inclusive environment, operating in 200 countries with 60 languages.
• Flex Week: Work from home up to 2 days/week.
• Flex Day: Adjust your workday to suit your life and plans.
• Flex-Location: Work from any location globally for up to 30 days/year.
• Employee Wellbeing: Access to Employee Assistance Program (EAP) and Champion Health platform.
• Professional Development: Access to training platforms, including LinkedIn Learning.
• Competitive benefits tailored to local market and employment status.