Staff Security Architect, Enterprise

About The role

SoFi Cybersecurity Architecture team assists and partners with engineering, product and design organizations. Our mission is  to build a secure and resilient enterprise that protects our employees, customers, and business operations. By embedding security into our infrastructure, cloud environments, and enterprise systems, we safeguard critical assets while enabling the business to operate efficiently and securely.

As a Staff Security Architect, you will be responsible for the end-to-end security architecture of our platforms, products, and corporate services. You will work in conjunction with security, compliance, and risk teams to make decisions and help lead initiatives to ensure timely delivery of security solutions that support our business objectives. 

The ideal candidate will be highly collaborative, balancing the right level of security with business objectives, and working to creatively solve complex Corporate Security related problems in an agile environment. 
 

What you’ll do:

• Be an Cybersecurity architect evangelist who can translate security concepts into language that is meaningful to our IT teams and engineering. Design and implement security architectures that align with business needs while ensuring robust protection across corporate environments.

• Architect and lead the implementation of a Zero Trust security model, ensuring secure access across users, devices, and services.

• Own and evolve IAM and PAM strategy, leveraging tools like Okta, Azure AD, and centralized secrets management to enforce least-privilege access.

• Architect and oversee the enterprise-wide endpoint security strategy, integrating solutions like CrowdStrike, JAMF, and Microsoft Defender to ensure consistent protection, visibility, and policy enforcement across all device platforms.

• Lead the design and rollout of network security controls using Zscaler (ZTNA, SWG), microsegmentation, and secure remote access patterns.

• Partner with engineering, IT, and compliance teams to embed security into infrastructure, device management, and enterprise tooling.

• Conduct architecture reviews, threat modeling, and drive remediation plans across cloud and on-prem systems.

• Build and automate security guardrails into CI/CD and infrastructure pipelines—Security as Code.

• Continuously evaluate emerging threats, tools, and technologies, translating insight into actionable strategy.

What you’ll need:

• Designed and implemented AWS-native security architectures with deep hands-on experience in IAM, KMS, GuardDuty, Security Hub, WAF, and enforcing least privilege across multi-account environments.

• Led Zero Trust strategy and execution, including identity-based access, device posture enforcement, and network segmentation across hybrid environments.

• Architected enterprise-wide IAM and PAM solutions using Okta, Azure AD, and integrated secrets management systems to enforce strong authentication, role-based access control, and session governance.

• Built and operationalized endpoint security frameworks using leading EDR/XDR platforms like CrowdStrike and Defender ATP, along with JAMF and Intune for device compliance and policy enforcement.

• Integrated Zscaler, CASB, and Secure Web Gateway (SWG) solutions into core network and user access flows, enabling secure access to cloud and SaaS resources in a Zero Trust model.

• Applied industry-standard frameworks such as MITRE ATT&CK, NIST, and CIS Controls to design scalable, auditable, and resilient security architectures.

• Excellent communication skills—you can explain security trade-offs clearly to engineers and executives alike.

• Ability to prioritize between and execute on multiple work streams

• Written and verbal skills for communicating security concepts and solutions

Preferred Qualifications:

• Bachelor's degree in Computer Science or equivalent from a fully-accredited college or university

• 8+ Experience in Infrastructure and corporate security architecture

• Experience with cloud native products and in-depth understanding Zero Trust Principle + years of experience with cloud technologies preferably AWS

• Demonstrated ability to think strategically about business, product, and technical challenges

• Ability to manage relationships with other business units, external vendors and stakeholders when IT security risks are present and system or process changes must be made to mitigate risk

• Ability to work in a fast paced and Agile development environment

• Work and play well with others; SoFi is a collaborative environment

Nice to have:

• CISSP, Zscaler Digital Transformation Administrator, Okta certified professional, AWS Certified Security Speciality

• Masters or PhD in Computer Science or Engineering

• Financial services experience