penfed
Enterprise Security Architect
Job type: Full-time
Job description
Overview
PenFed is hiring a (Hybrid) Enterprise Security Architect at our Tysons, Virginia location. The Enterprise IT Security Architect is a senior security architecture partner to the First Line IT organization. This role ensures security requirements are effectively translated into practical, scalable designs and operating practices that support business outcomes while meeting enterprise risk and compliance obligations.
The architect serves as the critical bridge between First Line IT and Second Line Cyber Security, ensuring second-line control requirements are clearly understood, appropriately interpreted, and consistently incorporated into first line–managed platforms, solutions, and delivery practices.
Responsibilities
Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties, and the position will perform other duties as assigned.
Security Architecture & Design
- Partner with First Line IT teams to define and validate security functional requirements across applications, infrastructure, cloud, data, and enterprise platforms.
- Design and maintain 1st line security architecture standards, reference architectures, and patterns aligned to business strategy, regulatory expectations, and cyber risk posture.
- Review and influence technology designs to ensure security is embedded early and by default.
- Evaluate new technologies and platforms to ensure secure adoption and enterprise alignment.
First Line IT Enablement & Support
- Serve as the primary security architecture contact for assigned IT domains, platforms, or portfolios.
- Provide hands-on architectural guidance, issue resolution, and design support for security-related challenges.
- Translate security policies, standards, and control objectives into actionable guidance that delivery and operations teams can implement.
- Enable secure agile, DevOps, and cloud operating models by embedding security into SDLC, CI/CD pipelines, and operational processes.
Partnership with Second Line Cyber Security
- Actively partner with Second Line Cyber Security to ensure security control requirements, risk expectations, and policy interpretations are clearly understood and consistently applied.
- Incorporate second-line security requirements into First Line–managed platforms, guardrails, and engineering practices.
- Support alignment between architectural decisions and enterprise cyber risk management frameworks.
- Facilitate efficient issue resolution, risk discussions, and exception handling between first- and second-line teams.
Qualifications
Equivalent combination of education and experience is considered.
- Bachelor’s degree in Computer Science, Information Security, Engineering, or related discipline (or equivalent experience).
- 12+ years of experience in enterprise IT, security architecture, or cybersecurity roles.
- Strong understanding of enterprise security domains, including IAM, cloud security, application security, infrastructure security, and data protection.
- Demonstrated experience supporting first-line IT delivery teams while aligning to second-line risk and control expectations.
- Excellent communication and influencing skills with technical and non-technical stakeholders.
- Experience in using A.I. tools preferred.
Supervisory Responsibility
This position will not supervise employees.
Licenses and Certifications
One or more of the following certifications are required
- Industry certifications (e.g., CISSP, CCSP, CISM, SABSA, TOGAF).
- Experience in regulated industries (e.g., financial services).
- Familiarity with zero trust architectures, secure SDLC, and cloud-native security controls.
- Experience operating in product-centric, agile, or DevOps environments.
Work Environment
While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.
*Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*
Travel
Ability to travel to various worksites and be on call is required.


