The Short Version
A Security Architect designs, builds and oversees the implementation of network and computer security for an organization.
As a senior-level employee, you’ll be responsible for creating complex security structures – and ensuring they work.
Security Architect Responsibilities
Since this is a “big-picture” job, you may be required to:
Acquire a complete understanding of a company’s technology and information systems
Plan, research and design robust security architectures for any IT project
Perform vulnerability testing, risk analyses and security assessments
Research security standards, security systems and authentication protocols
Develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices
Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
Prepare cost estimates and identify integration issues
Review and approve installation of firewalls, VPNs, routers, IDS scanning technologies and servers
Test final security structures to ensure they behave as expected
Provide technical supervision for (and guidance to) a security team
Define, implement and maintain corporate security policies and procedures
Oversee security awareness programs and educational efforts
Respond immediately to security-related incidents and provide a thorough post-event analysis
Update and upgrade security systems as needed
Throughout this process, you will be directing members of your programming team and reporting your progress to the CISO.
Security Architect Career Paths
The road to becoming a Security Architect often starts with entry-level security positions such as:
This is followed by intermediate-level positions such as:
Once you have achieved your title, you may choose to stay in your position. In large organizations, it’s possible to be promoted to Senior Security Architect or even Chief Security Architect.
Or you could consider becoming a:
The role of “Security Architect” encompasses job titles such as:
Information Security Architect
Information Systems Security Architect
NOTE: “Security Architect” job descriptions often focus on technical skills; “Information Security Architect” job descriptions may focus on directorial/managerial responsibilities.
Security Architect Salaries
According to Payscale, the median salary for a Security Architect is $109,794 (2014 figures). Overall, you can expect total pay of $84,237 – $160,166. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
Security Architect Job Requirements
Since Security Architects are intimately involved in creating security systems and procedures, employers will require you to have a bachelor’s degree in Computer Science, Cyber Security or a related field.
If you don’t have a bachelor’s degree, you may wish to consider gaining a master’s degree in IT security. You can supplement this qualification with training and certifications.
Security Architects are expected to have at least 5-10 years of relevant IT experience, including exposure to business planning, systems analysis and application development. Plan for 3-5 of those years to be devoted specifically to security.
Knowledge of the following technical skills should prove useful:
Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies
ISO 27001/27002, ITIL and COBIT frameworks
Windows, UNIX and Linux operating systems
Perimeter security controls – firewall, IDS/IPS, network access control and network segmentation
Router, switch and VLAN security; wireless security
Security concepts related to DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies
Practices and methods of IT strategy, enterprise architecture and security architecture
Network security architecture development and definition
Knowledge of third-party auditing and cloud risk assessment methodologies
Since this is a management role, you should be completely comfortable with your speaking, teaching and communication skills. You will often be conveying technical information to a non-technical audience.
Employers are also looking for candidates who are inspiring leaders and strategic problem-solvers. Throughout the year, you will be responsible for managing a wide variety of projects and team members.
Certifications For Security Architects
Due to the nature of your work, employers will be looking for advanced security certifications from accredited bodies. You may wish to consider researching:
CISSP: Certified Information Systems Security Professional
CISSP-ISSAP: Information Systems Security Architecture Professional
CISM: Certified Information Security Manager
CEH: Certified Ethical Hacker
CSSA: Certified SCADA Security Architect
GSEC / GCIH / GCIA: GIAC Security Certifications