Security Architect

CBTS serves enterprise and midmarket clients in all industries across the United States and Canada. CBTS combines deep technical expertise with a full suite of flexible technology solutions--including Application Modernization, Managed Hybrid Cloud, Cybersecurity, Unified Communications, and Infrastructure solutions. From developing and deploying modern applications and the secure, scalable platforms on which they run, to managing, monitoring, and optimizing their operations, CBTS delivers comprehensive technology solutions for its clients' transformative business initiatives. For more information, please visit www.cbts.com.

Job Purpose:

As a Security Architect, you will shape and advance the security architecture for Cloud, AI, and other emerging technology initiatives at CBTS. This role focuses on designing and implementing modern security solutions, ensuring that security is embedded into every product, system, and service the business builds. You will work closely with internal teams across CBTS to align security architecture with business needs and drive secure-by-design practices throughout the organization.

Essential Functions:

Security Architecture and Design:

• Develop, implement, and maintain multilayered information security architectures, policies, and standards for cloud, AI, and modern application environments.
• Ensure security architecture aligns with industry best practices, regulatory expectations, and CBTS strategic objectives.
• Continuously evaluate and strengthen existing security frameworks to adapt to evolving threats and technologies.
• Assess and integrate new security technologies, with a focus on cloud-native security, automation, AI-driven security controls, and emerging innovations.

Risk Assessment and Mitigation:

• Conduct security risk assessments, architecture reviews, and vulnerability assessments across cloud and application environments
• Support Red Team and threat modeling initiatives to identify and address architectural weaknesses.
• Analyze emerging threat trends adapting our security strategies accordingly.

Business Collaboration and Regulatory Compliance:

• Partner with business units, product teams, and engineering groups to embed security throughout the development and delivery lifecycle
• Advocate for secure design principles and guide teams in adopting architectures that meet both security and business requirements
• Collaborate with vendors to evaluate cloud, AI, and infrastructure enhancements, ensuring alignment with security expectations.

Regulatory & Compliance Alignment

• Ensure architectural decisions support compliance with relevant regulatory and industry standards such as NIST 800‑53, DISA STIGs, PCI‑DSS, SOX, and others.
• Maintain awareness of evolving compliance obligations and incorporate them into architectural patterns and controls.

Education:

Four years of college resulting in a bachelor’s degree or equivalent experience.

Certifications, Accreditations, Licenses:

One of more of the following certifications (or equivalent):

• ISC2 CISSP, CISM, CCSP
• Advanced GIAC/SANS certifications - GCIH, GCIA, GCFE, GCFA, GREM, GWAPT, GPEN, GSE
• Microsoft AZ-500, AI-900, AI-102, SC-900, AZ-900

Relevant Work Experience:

5 years of senior-level Information Security experience focused on Security Architecture, Cloud Security, Security Engineering, or Risk Management

Hands-on experience with cloud architectures, AI-enabled systems, modern application stacks, and security technologies.

Special Knowledge, Skills, and Abilities:

• Strong analytical skills, attention to detail, and excellent communication skills.
• Deep understanding of cloud architectures, application and web architectures, database and network security architecture.
• Knowledge of NIST 800-53 Framework, NIST AI RMF, regulatory compliance regulations - PCI-DSS, Sarbanes-Oxley, and awareness of industry standards and best practices.
• Working knowledge of modern security solutions, tooling, and architectural patterns.

Supervisory Responsibility:

• This position has no Supervisory Responsibility

#LI-PK1 #LI-Hybrid #LI-Remote

Due to U.S. Government requirements applicable to foreign-owned telecommunications providers, non-US citizens may be required to submit to an extensive government agency background check which will necessitate disclosure of sensitive Personally Identifiable Information.