Senior Cybersecurity Architecture Engineer
Westlake, United States
Goosehead Insurance Agency
About Goosehead
Since 2003, Goosehead Insurance has been disrupting the insurance industry by giving clients the power of choice, utilizing a smarter marketing approach, and delivering world-class service. This is all powered by our focus on hiring and retaining extraordinary people. Our clients trust us with their most valuable possessions, so we’re more than just a bit selective when it comes to hiring new team members.
Job Summary
We are seeking a dynamic and highly experienced Senior Cybersecurity Architecture Engineer who can bridge deep technical expertise with strategic cybersecurity risk management. The ideal candidate will demonstrate a history of excellence in IT infrastructure, cybersecurity, and GRC leadership, combined with the ability to wear multiple subject matter expert hats across evolving enterprise security technologies.
Principal Duties and Responsibilities
Governance, Risk, and Compliance (GRC):
- Lead development and maintenance of cybersecurity policies, standards, and procedures in alignment with NIST, SOC2, and NAIC frameworks.
- Conduct enterprise-level risk assessments and document control gaps with measurable remediation timelines.
- Maintain regulatory and industry compliance (SOX, PCI-DSS, SOC2) by conducting regular audits and reporting to executive stakeholders.
- Operationalize risk registers and lead risk meetings.
- Develop and present monthly dashboards on key performance indicators (KPIs) for cybersecurity posture, incident trends, and remediation progress.
- Report material risks and security incidents to the CISO and Cybersecurity Board.
- Expert understanding of GRC principles and frameworks.
Cybersecurity Architecture & Infrastructure:
- Evaluate current and future cybersecurity architectures for infrastructure and applications; assess and adopt emerging technologies based on industry standards (NIST, SOC2, PCI, SOX).
- Architect, deploy, and maintain ZTNA frameworks to ensure secure access across all systems and devices.
- Lead design and deployment of secure hybrid cloud infrastructures, leveraging SASE, DLP (Microsoft Purview or similar), and EDR.
- Deploy, manage, and monitor Secure Access Service Edge (SASE) solutions for global workforces.
- Implement and maintain Data Loss Prevention (DLP) policies across endpoints, email, and cloud services.
- Lead deployment and continuous tuning of Endpoint Detection and Response (EDR) solutions.
Threat Management & Security Operations:
- Conduct proactive threat hunting exercises leveraging SIEM and threat intel platforms.
- Drive continuous vulnerability management using scanning tools and coordinate patch management cycles with IT.
Identity & Access Management (IAM) and Asset Management:
- Oversee IAM solutions and governance across Azure EntraID and Okta, including the implementation of MFA, SSO, and PAM.
- Design and enforce identity governance frameworks across Azure EntraID and Okta.
- Manage multi-factor authentication (MFA) and privileged access management (PAM) platforms.
- Maintain comprehensive asset inventory accuracy using industry-standard ITAM platforms.
- Establish automated asset discovery and reconcile discrepancies with CMDB owners.
Application Security & DevSecOps:
- Integrate security into all stages of the software development lifecycle (SDLC).
- Support application security initiatives, including static and dynamic code analysis, and SAST/DAST tool deployments.
- Collaborate with DevOps teams on secure CI/CD pipeline design.
Experience and Education
- Bachelor’s degree in Computer Science, Information Security, or a related field (Master’s degree preferred).
- Certifications such as CISSP, CISM, CRISC, CISA, Azure Security Engineer, GIAC GMON, or GWAPT are highly desirable.
- Strong background in cloud security is a plus.
Required Skills and Abilities
- 10+ years of progressive cybersecurity engineering and architecture experience.
- Proven experience with:
  - Secure Access Service Edge (SASE) deployments
  - Data Loss Prevention (DLP) platforms
  - Endpoint Detection and Response (EDR) solutions
  - Threat hunting and vulnerability management methodologies
  - Identity and Access Management (IAM)
  - DevSecOps and Secure SDLC Best Practices
  - Asset Discovery and Risk-Scoring tools
Benefits Summary
- High-quality voluntary health, vision, disability, life, and dental insurance programs
- 401K Matching Plan
- Employee Stock Purchase Plan
- Paid holidays, vacation, and sick leave
- Corporate-sponsored programs to enhance employee physical, financial, mental, and emotional wellness
- Financial Solution Program
Equal Employment Opportunity:
Goosehead is an equal-opportunity employer and complies with all applicable federal, state, and local laws, rules, guidelines, and regulations. Goosehead strictly prohibits and does not tolerate unlawful discrimination against employees, applicants, or any other covered person because of race, color, religion, creed, national origin, ancestry, ethnicity, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender, gender identity, transgender status, age, physical or mental disability, veteran status, uniformed service, genetic information, or any other characteristic protected by applicable law. All applicants for employment and all Goosehead employees are given equal consideration based solely on job-related factors, such as qualifications, experience, performance, and availability.
To learn more about our job opportunities, apply here. We look forward to speaking with you!