CrawlJobs Logo
TUI Logo TUI · IT - Software Development

Security Architect

Portugal, Matosinhos Municipality · Job Posted June 03, 2026
Apply Position
Job Link Share

Job Responsibility

  • Drive control implementation across all five CISA Zero Trust pillars - dentity, Devices, Networks, Applications and Workloads, and Data - translating pillar OKR commitments into specific, sequenced control deployments with defined owners, timelines, and measurable success criteria
  • Own the measurement framework for Zero Trust maturity progression, using Microsoft Security Exposure Management, Maester security assessments, and Microsoft Secure Score to track control status changes, maintain time-series data, and escalate stalled controls before they impact quarterly OKR targets
  • Work directly with pillar owners - Identity, Devices, Network, Applications, and Data leads - to convert high-priority workshop outputs into active delivery backlogs, challenging shared ownership arrangements and ensuring each control has a single named owner with budget authority
  • Provide technical depth across pillar-specific control areas including Conditional Access policy design, Entra ID Governance, PIM, phishing-resistant MFA deployment, trusted device strategy, Intune policy enforcement, network segmentation, secure remote access patterns, application ownership models, Entra SSO integration, API security governance, and data loss prevention aligned to the Secure Future Initiative
  • Triage Microsoft Secure Score recommendations against pillar OKR priorities, assign each recommendation to the correct pillar owner with delivery timelines, track closure rates, and separate high-impact risk-reducing controls from low-value compliance activities
  • Generate evidence of risk reduction for board reporting and cyber insurance renewal, presenting Zero Trust progress in terms of attack surface change and business impact rather than framework terminology

Requirements

  • You have a demonstrable track record of delivering Zero Trust control implementation - not just designing it - across enterprise environments, with practical understanding of the CISA Zero Trust Maturity Model across all five pillars and the ability to assess current state against Traditional, Initial, Advanced, and Optimal maturity stages
  • Evidence of driving security control implementation through delivery teams in large, complex organisations is essential, as you distinguish between controls that have been deployed and verified versus those that have only been documented or recommended, actively rejecting activity-based metrics in favour of outcome-based measurement
  • Hands-on experience with Microsoft Security Exposure Management, Microsoft Secure Score, Maester, and the Microsoft Defender suite enables you to extract control status data, interpret attack path exposure metrics, and use tooling output to drive delivery prioritisation and evidence compilation
  • Your proficiency with Entra ID, Intune, Defender for Endpoint, and Defender for Office 365 as control implementation platforms means you can provide technical depth across Identity, Devices, Networks, Applications, and Data pillar-specific control areas
  • You're able to identify and challenge shared ownership arrangements that prevent control implementation, assigning single accountable owners to controls and holding them to delivery commitments, understanding that a control without a named, funded owner is an unmanaged risk
  • Experience working within an OKR framework where key results are tied to measurable security outcomes is important, as you understand that programme maturity is measured by controls implemented and attack surface reduced - not by documents produced or workshops delivered
  • Operating within or alongside a formal security architecture governance function comes naturally to you, as you contribute to quarterly reporting cadences and multi-team delivery coordination across complex enterprise environments
  • You're highly autonomous and able to identify what needs to happen next without being directed, taking ownership of blockers and working comfortably across organisational boundaries to challenge delivery teams when progress is below expectation
  • Being comfortable with ambiguity in an actively evolving programme is essential, as you adjust your approach based on what measurement data shows and stay motivated by reducing actual risk rather than achieving compliance posture

What we offer

  • Attractive remuneration
  • Exclusive travel perks & discounts
  • Extensive health & wellbeing support
  • Flexible working
  • Access the TUI Tech Learning Hub
  • Opportunities to upskill, reskill and grow your career
  • Participate in our tech communities and collaborate on global projects and teams
  • Get involved with incredible local charity and sustainability initiatives like the TUI Care Foundation and the Sustainable Tech Community
TUI - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Security Architect

8 matching positions

Principal Security Architect

As a Security Architect, your role involves designing, reviewing, and enhancing ...
Location
Location
United States , San Francisco
Salary
Salary:
164000.00 - 290000.00 USD / Year
ethoslife.com Logo
Ethos
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of experience in Information Security with at least 2 years as a Security Architect
  • Bachelor’s Degree in Computer Science or related field, or an additional 3 years of pertinent work involvement preferred
  • Strong knowledge of prevalent security architectures, frameworks, standards and emerging threats along with strategies and technologies for defense
  • Deep understanding of network protocols, operating systems, databases, applied cryptography, least privilege, zero trust principles, identity & access management, and other core information security concepts
  • Expertise in cloud computing and its associated best security practices encompassing applications, infrastructure, storage, platforms, and data security
  • Ability to conduct threat modeling and risk assessments
  • Ability to come into our San Francisco, CA office once a week
Job Responsibility
Job Responsibility
  • Conduct Threat Modeling & Architectural Assessments to cover all Information Security domains to ensure Security by Design
  • Assess technologies and solutions to develop and enrich security capabilities
  • Identify security gaps and communicate associated business risks to relevant stakeholders
  • Craft solutions that harmonize business needs with security and compliance requirements
  • Verify the effectiveness of security controls in mitigating identified risks
  • Assist engineering projects across the Software Development Life Cycle (SDLC) and collaborate to prioritize product security elements effectively
  • Apply expertise in information security and application development to instigate organizational shifts aimed at managing and resolving security weaknesses and vulnerabilities
  • Contribute to the creation of security policies, standards, and guidelines
  • Devise and implement frameworks for data classification, retention, and disposal to ensure alignment with data privacy regulations
  • Spearhead initiatives for data security awareness and training
  • Fulltime
Read More
Arrow Right

Cyber Security Architect

We are looking for an experienced Cyber Security Architect to lead security revi...
Location
Location
United Kingdom
Salary
Salary:
Not provided
experis.co.uk Logo
Experis
Expiration Date
July 31, 2026
Flip Icon
Requirements
Requirements
  • Active SC and NPPV Clearance is Necessary
  • Strong knowledge of enterprise security architecture, cloud security (Azure, AWS), and multi-tenant environments
  • Familiarity with Zero Trust, NIST, ISO 27001, and CIS benchmarks
  • Proficiency in identity management, network security, encryption, and secure onboarding processes
Job Responsibility
Job Responsibility
  • Assess and validate cloud tenant architectures for compliance with security policies and frameworks
  • Identify gaps in proposed designs and recommend enhancements to meet security baselines
  • Work closely with client security teams and internal architects to align on security objectives
  • Facilitate workshops and design reviews to ensure mutual understanding of requirements
  • Define and enforce security standards, patterns, and principles across all platforms
  • Ensure adherence to regulatory compliance and organizational security policies
  • Certify that platforms are fully secured and operational before onboarding activities
  • Implement controls for identity and access management, encryption, and monitoring
  • Conduct threat modeling and risk assessments for new tenants and onboarding processes
  • Provide mitigation strategies for identified vulnerabilities
Read More
Arrow Right

Enterprise Security Architect

Enterprise Security Architect role at HPE's Cybersecurity team responsible for d...
Location
Location
United States , Spring
Salary
Salary:
117500.00 - 270000.00 USD / Year
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years in security architecture, solution architecture, or related roles in large, complex enterprises
  • Deep experience with on-premises infrastructure security (data centers, networks, OT/ICS, mainframes, Windows/Linux servers)
  • Strong knowledge of cloud security (AWS/Azure/GCP) and hybrid architecture models
  • Detailed understanding of enterprise security domains: identity and access, network security, data protection, and application security
  • In-depth experience with security frameworks (NIST CSF, ISO 27001, CIS Controls, OWASP)
  • Bachelor's or master's degree in computer science, Engineering, Cybersecurity, or related field
  • Certifications such as CISSP, SABSA, TOGAF, CCSK, or CCSP are a plus
Job Responsibility
Job Responsibility
  • Define and maintain enterprise security reference architectures, patterns, and standards for on-prem, hybrid, and cloud environments
  • Conduct architecture risk assessments and security design reviews for major technology programs
  • Design secure architectures for data centers, networks, servers, OT/ICS, IT infrastructure and legacy business platforms
  • Guide the secure modernization of on-prem workloads and public cloud platforms (AWS/Azure/GCP)
  • Drive Zero Trust principles and identity-centric security models across enterprise systems
  • Establish design patterns for data classification, encryption, and data loss prevention
  • Provide security guidance for emerging AI/ML platforms and use cases, including data privacy, model security, and responsible use
  • Partner with enterprise architects, engineering teams, infrastructure, and compliance to embed security early in designs
  • Act as a trusted advisor to technology leaders and mentor engineers on secure design practices
  • Practice champion secure-by-design thinking and drive adoption across the enterprise
What we offer
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive benefits suite supporting physical, financial and emotional wellbeing
  • Fulltime
Read More
Arrow Right

Google Cloud Platform Cloud Security Architect

Location
Location
United States , Roswell
Salary
Salary:
Not provided
synkriom.com Logo
Synkriom
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of prior experience in IT in network security, information security and infrastructure in a high-tech environment
  • 5+ years architecting and implementing security and DevSecOps on public cloud solutions (AWS or Google Cloud Platform)
  • Work experience as a Cloud Security Architect or similar role in a cloud native environment
  • Deep hands-on experience leading the design and deployment of technology infrastructure and associated security controls
  • Experience in solutions for data security, data masking, data classification, data anonymization
Job Responsibility
Job Responsibility
  • Provide domain expertise around public cloud and enterprise technology
  • Configure, implement, monitor, and support network security software/systems that will help ensure compliance with CSA Cloud Controls Matrix in cloud environments (AWS/AzureP)
  • Update security tools for logging/monitoring and growing coverage of existing tools
  • Make recommendations to management on enhancements to existing and new security software or related tools
  • Assist in evaluating, planning and implementation of new/existing security applications/tools that integrate with current tool sets
  • Help implement and maintain next-generation enterprise protection tools and malware detection technologies
  • Ensure security standard methodologies are identified and integrated into all facets of projects including network, system designs/configuration and implementations
  • Make recommendation on secure integration strategies, global enterprise architectures and application infrastructure based on best practices
  • Develop security architecture strategies that align to enterprise architecture strategy and that of the business strategy for cloud
  • Develop in depth security architecture standards, frameworks and design patters spanning all layers of security in the cloud from host, server and network to application and data security
Read More
Arrow Right

AppSec & AI Security Architect

Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way...
Location
Location
India , Bangalore
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or Engineering
  • 10+ years of experience in application or product security architecture, preferably in large enterprise or SaaS environments
  • Proven expertise in secure application and API design, cloud-native security, and DevSecOps enablement
  • Proven expertise in secure application and API design, WAAP, and ASPM solutions
  • Strong experience with Kubernetes (K8s), containerization, and service mesh architectures
  • Hands-on experience implementing or governing GitOps pipelines and policy-as-code frameworks (e.g., OPA/Gatekeeper, Kyverno)
  • Knowledge of Zero Trust, data protection, and modern identity standards (OIDC, OAuth2)
  • Familiarity with AI/ML security risks, model governance, and responsible AI adoption
  • Deep knowledge of OWASP ASVS, NIST CSF, ISO 27034, and CIS Controls
  • Desired Certifications: CISSP, CSSLP, SABSA, CCSP, CKA (Certified Kubernetes Administrator), or CCSK.
Job Responsibility
Job Responsibility
  • Defining and maintaining secure application architecture patterns, reference designs, and reusable components across enterprise and cloud-native ecosystems
  • Performing architecture risk assessments and threat modeling for major application programs, APIs, and platforms
  • Leading adoption of Web Application and API Protection (WAAP) controls and Application Security Posture Management (ASPM) tools to enable continuous risk visibility and compliance
  • Embedding security controls in SDLC and CI/CD pipelines, including SAST, DAST, SCA, IaC, and container scanning
  • Designing and governing security for Kubernetes-based and containerized workloads, including service mesh and runtime protection
  • Developing and enforcing standards for API and microservices security, including authentication, authorization, and token lifecycle management (OAuth2, OIDC, mTLS)
  • Establishing secure-by-default configurations for CI/CD and GitOps pipelines (e.g., ArgoCD, Flux, Jenkins, GitHub Actions)
  • Partnering with engineering teams to design secure cloud-native and hybrid architectures across AWS, Azure, and GCP
  • Providing security guidance for applications leveraging AI/ML or LLM capabilities, such as input/output sanitization, model integrity, and data protection
  • Establishing application security KPIs, governance models, and maturity metrics
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion.
  • Fulltime
Read More
Arrow Right

Information Security Architect

Location
Location
United States , Bloomington
Salary
Salary:
76835.00 USD / Year
nxttechnologies.com Logo
Next Technologies (Bloomington)
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor of Science in CS, C/MIS, ISS, Hardware Engineering, Electrical/Electronic Engineering, or related field
  • 2 years’ experience in the job offered, software engineer/developer, security/IAM architect, consultant/analyst, or related field
Job Responsibility
Job Responsibility
  • Plan, analyze, architect, develop, create, and use Identity & Access Management including authentication, authorization, user/account management, provisioning, and access certification
  • Plan, analyze, architect, design, develop, implement, and use Security Architecture including SDLC integration, security engineering, future state alignment, and enterprise security architecture
  • Use SSO, Java, Servlet, Spring, Splunk, OpenDJ/AM/IDM, WebServer, Clustering, Oracle Databases, OAuth 2.0 and SAML
  • Maintain ISO 27001/27002 and NIST Cybersecurity Framework
  • Keep abreast of and develop IS policies, standards, and control procedures
  • Work on projects and drive remediation tasks
  • May require travel to unanticipated locations
Read More
Arrow Right

Network Security Architect

The Network Security Architect will play a pivotal role in designing and guiding...
Location
Location
Poland , Warszawa
Salary
Salary:
Not provided
https://www.circlek.com Logo
Circle K
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience architecting secure network infrastructures within enterprise environments
  • Strong familiarity with cloud platforms (AWS, Azure, OCI) and security best practices in cloud networking
  • Expertise in security design and implementation with Palo Alto and Fortinet firewall solutions
  • Solid understanding of Cisco switching & routing technologies from an architectural perspective
  • Thorough understanding of compliance and security standards including PCI DSS, GDPR, and NIST
  • Minimum of 3 years of experience in network security (architecture/design preferred)
  • Certifications such as CISSP, CCSP, PCNSE, NSE, or equivalent preferred
Job Responsibility
Job Responsibility
  • Develop and lead the strategic design of secure network architectures, ensuring alignment with enterprise security policies and industry best practices
  • Evaluate existing network infrastructures to identify gaps and/or vulnerabilities and architect comprehensive security solutions
  • Establish security architecture standards, guidelines, and frameworks for cloud environments and data center networks
  • Perform security reviews of network architecture plans, offering expert-level advice and technical guidance
  • Collaborate with security governance and compliance teams to integrate network security architectures with compliance requirements (PCI DSS, GDPR, NIST)
  • Provide technical leadership in responding to security incidents by analyzing threats and recommending appropriate architectural solutions
  • Stay abreast of evolving cyber threats and proactively recommend enhancements to maintain robust security defenses
What we offer
What we offer
  • Contract of employment
  • Annual bonus
  • Private medical care
  • Cafeteria Platform/Multisport
  • English lessons subsidized by the company
  • Group insurance
  • Attractive discounts for products and services at our stations
  • Employee stock purchase plan
  • Employee Assistance Program (Lyra)
  • Modern and convenient office
  • Fulltime
Read More
Arrow Right

Network and Security Architect - SASE

We are seeking a highly skilled and experienced Network and Security Architect w...
Location
Location
Poland , Łódź
Salary
Salary:
Not provided
https://www.bosch.pl/ Logo
Robert Bosch Sp. z o.o.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of progressive experience in network and security architecture, with a strong focus on cloud security
  • 5+ years of hands-on experience designing, deploying, and managing large-scale ZTNA and SASE solutions in enterprise environments
  • Deep understanding and practical experience with leading SASE vendor platforms (e.g., Zscaler, Palo Alto Networks Prisma Access, Fortinet FortiSASE, Netskope, etc.)
  • Proven expertise in Zero Trust principles and their practical implementation across various layers (identity, device, application, data)
  • Strong knowledge of networking protocols (TCP/IP, BGP, OSPF, DNS, HTTP/S), VPN technologies (IPsec, SSL VPN), and network security concepts (firewalls, IDS/IPS, WAF)
  • Experience with cloud platforms (Azure, AWS, GCP) and their security services
  • Proficiency in identity and access management (IAM) concepts and technologies (SAML, OAuth, OpenID Connect, MFA)
  • Excellent analytical, problem-solving, and decision-making skills
  • Strong communication, presentation, and interpersonal skills with the ability to influence and persuade stakeholders at all levels
  • Ability to work independently and as part of a global, cross-functional team
Job Responsibility
Job Responsibility
  • Lead the design, development, and evolution of Bosch's global ZTNA and SASE architecture, ensuring alignment with industry best practices, regulatory requirements, and Bosch's security policies
  • Define architectural patterns, standards, and blueprints for ZTNA and SASE components, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall-as-a-Service (FWaaS), Zero Trust Network Access (ZTNA), Data Loss Prevention (DLP), and advanced threat protection
  • Evaluate and recommend new technologies, vendors, and solutions within the ZTNA/SASE ecosystem to enhance Bosch's security capabilities and optimize performance
  • Develop and maintain the architectural roadmap for ZTNA and SASE, forecasting future needs and anticipating technological shifts
  • Oversee the end-to-end deployment of ZTNA and SASE solutions, including planning, design, implementation, testing, and go-live
  • Collaborate with network engineering, security operations, application development, and business units to ensure seamless integration of ZTNA/SASE with existing IT infrastructure and applications
  • Define integration strategies for identity providers (e.g., Azure AD), endpoint security solutions, and other security tools
  • Provide expert guidance and technical leadership to implementation teams and external vendors
  • Translate high-level security requirements into detailed ZTNA and SASE policies, rules, and configurations
  • Develop and enforce security standards and guidelines for secure access, data protection, and threat prevention within the SASE framework
What we offer
What we offer
  • Competitive salary + annual bonus
  • Hybrid work with flexible working hours
  • Referral Bonus Program
  • Copyright costs for IT employees
  • Complex environment of working, professional support and possibility to share knowledge and best practices
  • Ongoing development opportunities in a multinational environment
  • Broad access to professional trainings (incl. language courses), conferences and webinars
  • Private medical care and life insurance
  • Cafeteria System with multiple benefits (incl. MultiSport, shopping vouchers, cinema tickets, etc.)
  • Prepaid Lunch Card
  • Fulltime
Read More
Arrow Right