Posted 2d ago

Staff Security Architect (Cloud Security & Incident Response)

@ PCCA
Houston, Texas, United States
Onsite, Full Time
Responsibilities: Lead security architecture, Design cloud security patterns, Perform incident leadership
Requirements Summary: Hands-on security architecture and cloud security engineering leader with incident response experience; Azure emphasis; DevSecOps; Zero Trust; IAM; IaC; CI/CD.
Technical Tools Mentioned: Azure, OAuth2, OIDC, Defender for Cloud, Azure Policy, IAM, CI/CD, IaC, SIEM
Job Description

Role Overview

PCCA is seeking a Staff Security Architect to serve as a hands-on security architecture and cloud security engineering leader. This role partners closely with Enterprise Architecture, DevOps, Engineering, and Infrastructure teams to design and implement secure-by-default patterns—with a strong emphasis on Azure cloud deployments, identity and access management, and DevSecOps. The role also leads cybersecurity incident response across Precision Health Holdings' operating companies as needed; during active incidents, incident leadership becomes the top priority.

Key Responsibilities

Security Architecture & Cloud Security Engineering (Primary)

· Design and evolve PHH/PCCA security architecture standards, reference architectures, and security-by-default guardrails for cloud and hybrid environments.

· Partner with DevOps and Engineering teams to secure Azure deployments (networking, identity, compute, data, and platform services).

· Define secure patterns for CI/CD and Infrastructure-as-Code (IaC) pipelines, including policy-as-code and automated security controls.

· Architect identity solutions leveraging OAuth2 / OpenID Connect (OIDC), least-privilege access, and strong authentication mechanisms.

· Drive Zero Trust architecture initiatives across PHH/PCCA and its operating companies, including segmentation, device/user trust evaluation, and conditional access.

· Implement and tune cloud security controls (e.g., Azure Policy, Defender for Cloud, logging/alerting) and integrate telemetry into centralized monitoring/SIEM.

· Perform security design reviews and threat modeling for new systems, integrations, and major changes; document risks and recommended mitigations.

· Develop pragmatic security requirements and controls aligned to business risk and regulatory needs; help teams implement them efficiently.

· Create implementation-ready artifacts (runbooks, diagrams, reference configs) and provide hands-on assistance during builds and migrations.

Cybersecurity Incident Leadership (As-Needed; Priority During Incidents)

· Lead technical incident response across PHH operating companies, coordinating containment, eradication, and recovery activities.

· Triage security events to determine whether incidents can be handled in-house or require escalation/engagement of the virtual CISO (vCISO) and/or external partners.

· Serve as a technical incident commander: manage timelines, coordinate responders, drive decision-making, and ensure clear communications to stakeholders.

· Conduct root cause analysis and lead post-incident reviews to drive preventive improvements (architecture, controls, detection, and process).

· Maintain and improve incident response playbooks, tooling, and escalation paths across subsidiaries to ensure consistent execution.