Principal Security Architect

Job Description

The Principal Security Architect provides architectural leadership and vision for security across the enterprise. The successful candidate will be a senior, hands-on expert responsible for infusing security into all aspects of our technology landscape. They will work as a contemporary with other architects to improve new and existing designs, proactively identify and remediate risks in operational systems, and act as a key consultant and mentor. 

This is a hybrid role and the selected candidate must be near-site to one of Quest Diagnostics hub locations. Preferred locations are Secaucus, NJ, East Norriton, PA or Schaumburg, IL. Pay Range: $160,000-$225,000/year + 20% Annual Incentive Plan. 

Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications obtained. Market and organizational factors are also considered. Successful candidates may be eligible to receive annual performance bonus compensation.

This role is adept in two distinct domains: 

• Security Reference Architecture: Creating and maintaining a library of reusable, high-level, templatized security architectures and patterns that serve as a secure baseline for all technology solutions. 
• Security Consulting & Solution Architecture: Collaborating with solution and enterprise architects to integrate robust security principles and controls into their designs. This involves reviewing, co-designing, and improving detailed solution architectures to ensure they are secure-by-design across on-premises, hybrid, and multi-cloud (AWS, Azure, and GCP) environments. 

This role requires the creation and ownership of the Enterprise Security Strategy and Roadmap for these architectural areas. The architect will also support the M&A Architecture team by providing critical security-focused input on transition architectures for acquired companies. This position reports to the Sr. Director of Infrastructure & Cloud Architecture and works closely with Solution Architects, CloudOps, DevSecOps, the Enterprise Security team, business customers, and vendors. 

The architect will work with a team of US-based remote architects and a growing team in our India office, creating architecture with a geographic scope covering the US, Canada, Finland, and Mexico. This position reports to the Sr. Director of Infrastructure & Cloud Architecture and works closely with CloudOps, DevSecOps, Security teams, business customers, and vendors. 

Responsibilities:

The Principal Security Architect is responsible for directing the security architecture and strategy for the Technology Department. This is a senior, hands-on technical role, not a direct people management position. The architect will set the security vision by developing both high-level security reference architectures and consulting on detailed solution architectures, guiding projects from concept to completion. The successful candidate will act as a key security consultant to business and technology partners—including peer architects—ensuring solutions are robust, secure, and strategically aligned, while also providing mentorship to the broader architecture team. 

Security Architecture Design and Collaboration

• Apply expert knowledge of security architecture, threat modeling, and secure implementation patterns across on-premises, hybrid, and multi-cloud (Azure, AWS, and GCP) environments. 

• Utilize and promote knowledge of DevSecOps, embedding security principles and tooling into CI/CD pipelines and processes. 

• Serve as the lead Subject Matter Expert for the Technology Department's security architecture, guiding technology decisions to ensure architectural integrity and consistency across all projects. 

• Develop and govern a library of reusable Security Reference Architectures (secure design patterns) to accelerate project delivery, improve solution quality, and reduce risk. 

• Collaborate with solution and enterprise architects to integrate security controls into their Solution Architectures, ensuring designs are secure from inception. 

• Demonstrate leadership ability to back security decisions with research and the “why,” and articulate several options, the pros and cons for each, and a final recommendation. 

• Maintain overall industry knowledge on the latest security trends, threats, and relevant technologies. 

• Define optimal security patterns and solutions for data protection, identity and access management, and high availability/disaster recovery. 

Consultation & Partnership 

• Partner with business and technology teams to translate functional requirements into secure, scalable, and resilient technology solutions. 

• Act as a key architectural liaison between project teams and the Enterprise Security Team, streamlining communication and ensuring security requirements are met efficiently to accelerate project delivery. 

• Analyze vendor-provided reference architectures and solutions, suggesting improvements and implementation options that align with company standards, and formally documenting any exceptions or accepted risks. 

• Proactively review existing operational systems and services using available tooling to identify and document architectural security gaps and collaborate with system owners to drive security improvements. 

• Lead the architectural analysis and resolution of complex security-related technical issues to minimize business impact and prevent future occurrences. 

• Provide support and technical governance, offering security expertise related to cloud architectures, deployment, and operations to the same customers that our architects work with. 

Thought Leadership 

• Provide thought leadership in the security industry and to fellow team members across business and technical project dimensions, solving complex business requirements with a security-first mindset. 

• Establish and maintain the technology vision and strategy for enterprise security, ensuring the architectural roadmap enables long-term business ambitions in a secure manner. 

• Advocate and define the security architecture vision from a strategic perspective, promoting a "secure-by-design" culture across the organization. 

Mentoring 

• Mentor and develop the security capabilities of the entire architecture team, fostering a culture of security excellence, innovation, and continuous improvement. 

Qualifications:

• Master’s degree in Computer Science, Information Systems, or a related field, or equivalent experience; an advanced degree is preferred. 

• 10+ years of experience in technology architecture, with a proven track record of designing and delivering large, complex IT solutions, with at least 7 of those years focused specifically on security architecture. 

• Expert knowledge of cloud security architecture across AWS, Azure, and GCP, including application system design, data protection, and systems integration. 

• Professional security and cloud certifications are strongly preferred, such as: 

• General Security: CISSP, CISM, CCSP 

• Cloud-Specific: AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Expert, Google Professional Cloud Security Engineer 

• Deep expertise in traditional on-premises infrastructure (e.g., data centers, server virtualization, storage, network security) is essential for leading security assessments and architecting hybrid solutions. 

• Proven ability to operate at all levels, comfortable with high-level strategic thinking while also capable of diving deep into technical details to troubleshoot and validate security designs. 

• Experience in the healthcare industry is strongly preferred and highly valued. 

• Strong executive presence and leadership skills, coupled with a sense of ownership and full accountability for securing solutions from design through to operational success. 

• Demonstrated ability to thrive in a dynamic environment, adjusting priorities as circumstances dictate. 

• Excellent verbal and written communication skills, with the ability to articulate complex security concepts and risks to diverse audiences, from engineers to executives. 

60286

Quest Diagnostics honors our service members and encourages veterans to apply.

While we appreciate and value our staffing partners, we do not accept unsolicited resumes from agencies. Quest will not be responsible for paying agency fees for any individual as to whom an agency has sent an unsolicited resume.

Equal Opportunity Employer: Race/Color/Sex/Sexual Orientation/Gender Identity/Religion/National Origin/Disability/Vets or any other legally protected status.