SENIOR CYBERSECURITY ARCHITECT

PROPELEX CYBERSECURITY SENIOR CYBERSECURITY ARCHITECT Full-Time |  Exempt | Hybrid / Client SiteExperience Required: 10–15 Years Position Summary Propelex Cybersecurity is a leading cybersecurity consulting firm dedicated to helping organizations of all sizes build resilient, mature security programs. We partner with clients across industries to assess, architect, and operationalize security solutions that address today’s most complex threats.  We are seeking an accomplished Senior Cybersecurity Architect to join our consulting practice and deliver high-impact security architecture engagements across our client portfolio. In this senior role, you will serve as a trusted advisor and hands-on technical expert, working directly with client stakeholders — from security engineers to C-suite executives — to design, implement, and mature their security programs. You will lead client-facing engagements spanning network security, identity management, vulnerability management, endpoint protection, and offensive security, while representing Propelex Cybersecurity’s commitment to excellence on every project.  Key Responsibilities As a Senior Cybersecurity Architect at Propelex Cybersecurity, you will be deployed across multiple client engagements simultaneously, serving as the firm’s senior technical representative. Responsibilities span the full engagement lifecycle — from scoping and discovery through architecture design, implementation oversight, and client knowledge transfer.  Security Architecture & Strategy Lead client-facing security architecture engagements, delivering risk-based designs aligned with client business objectives and frameworks such as NIST CSF, MITRE ATT&CK, and CIS Controls. Define security standards, reference architectures, and guardrails for client on-premises, hybrid, and cloud environments. Conduct threat modeling and attack-surface analysis for client systems, presenting findings and compensating control recommendations to technical and executive audiences. Serve as a trusted advisor to client C-suite and board-level stakeholders on cybersecurity risk posture, roadmap priorities, and technology investment decisions. Produce high-quality client deliverables including architecture documentation, gap assessments, executive briefings, and remediation roadmaps.  Network Security & Firewall Management Assess, design, and implement enterprise network security architectures for clients, including segmentation, perimeter controls, and Zero Trust Network Access (ZTNA) initiatives. Lead advanced configuration, rule-set optimization, and lifecycle management of Palo Alto Networks (PA) and Check Point firewall platforms across diverse client environments. Deliver client-facing findings, remediation recommendations, and implementation support for network security improvement programs.  Identity & Access Management (IAM) and Privileged Access Management (PAM) Lead IAM and PAM advisory and implementation engagements for clients, including governance model design, RBAC frameworks, and just-in-time (JIT) access workflows. Design and deploy PAM solutions (e.g., CyberArk, BeyondTrust, Delinea) within client environments, securing privileged credentials and enforcing session monitoring. Integrate client IAM ecosystems with SSO, MFA, and directory services, delivering secure and seamless user lifecycle management across the organization.  Vulnerability Management Design and mature vulnerability management programs for clients using Tenable (Nessus/Tenable.io/Tenable.sc) and Qualys platforms, including scan policy design, asset grouping, and remediation tracking. Establish SLA-driven remediation workflows, risk scoring methodologies, and executive reporting dashboards tailored to each client’s risk appetite. Correlate client vulnerability data with current threat intelligence to prioritize remediation based on exploitability and business impact.  Extended Detection & Response (XDR) Architect and tune XDR/EDR solutions for clients, including CrowdStrike Falcon and SentinelOne, achieving high-fidelity detection and automated response within each client’s unique environment. Define detection engineering processes, custom rule development, and SIEM/SOAR integration patterns as part of client security operations maturity engagements. Collaborate with client SOC teams to improve threat hunting practices, incident response playbooks, and mean-time-to-detect/respond metrics.  Penetration Testing & Red Team Programs Plan and execute internal and external penetration testing engagements on behalf of Propelex Cybersecurity clients, including scoping, methodology selection, rules of engagement definition, and formal reporting of findings. Manage third-party pen testing subcontractor relationships when applicable and ensure findings are tracked through risk acceptance or verified remediation. Leverage penetration test results to facilitate Purple Team exercises and improve client detection and response coverage.  Active Directory & Identity Infrastructure Assess and harden client Active Directory environments, delivering tiered administration models, Group Policy hardening recommendations, and attack-path remediation roadmaps. Identify and remediate AD misconfigurations and attack paths (e.g., Kerberoasting, pass-the-hash, DCSync) using tooling such as BloodHound and Microsoft Secure Score during client engagements. Advise clients on Azure AD / Entra ID integration, hybrid identity architectures, and Conditional Access policy design.  Required Qualifications 10–15 years of progressive experience in cybersecurity, with a significant portion in architecture or senior engineering roles. Deep, hands-on expertise with Palo Alto Networks and Check Point firewall platforms, including PAN-OS, Panorama, SmartConsole, and policy lifecycle management. Demonstrated experience designing and operating PAM and IAM programs at enterprise scale. Proficient with Tenable and/or Qualys vulnerability management platforms, including scan policy design, asset grouping, and remediation tracking. Hands-on experience with CrowdStrike Falcon and/or SentinelOne, including policy tuning, threat hunting, and SIEM integration. Practical experience conducting or managing internal and external penetration tests using industry-standard methodologies (PTES, OWASP, NIST SP 800-115). Deep expertise in Active Directory security, including attack techniques, detection strategies, and hardening frameworks. Strong understanding of TCP/IP networking, DNS, PKI, VPNs, and cloud networking concepts (AWS, Azure, GCP).  Preferred Qualifications Active security certifications such as CISSP, CISM, GIAC (GPEN, GWAPT, GCFA, GCIA), OSCP, or equivalent. Prior experience in a cybersecurity consulting, professional services, or MSSP environment is helpful but not required. Exposure to client-facing or project-based work is a plus; strong candidates from in-house security teams are encouraged to apply. Experience with SIEM/SOAR platforms (Splunk, Microsoft Sentinel, Palo Alto XSOAR). Familiarity with compliance frameworks including SOC 2, PCI DSS, HIPAA, CMMC, or ISO 27001. Experience with DevSecOps practices, CI/CD security integration, and Infrastructure as Code (IaC) security scanning. Scripting or automation experience in Python, PowerShell, or Bash for security operations use cases.  Core Competencies Builds trusted advisor relationships with client stakeholders at all levels, from technical teams to C-suite executives. Client Focus Translates complex threat landscapes and client environments into actionable, prioritized security roadmaps. Strategic Thinking Exceptional written and verbal skills; adept at producing polished client deliverables and executive briefings. Communication Thrives in a fast-paced consulting environment, shifting effectively across multiple simultaneous client engagements. Adaptability Self-directed and accountable; drives client outcomes from engagement kickoff through successful delivery. Ownership  Work Environment & Travel This is a client-facing consulting role at Propelex Cybersecurity. Travel to client sites is required and will vary by engagement, ranging from occasional to frequent based on project needs and client location. The role is otherwise performed remotely or from a Propelex Cybersecurity office. Reasonable accommodations will be made for individuals with disabilities in compliance with applicable law.  Equal Opportunity Statement Propelex Cybersecurity is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by applicable law.