Security Architect at Terawork

Job Summary: 

• We are seeking an experienced Security Architect who will be responsible for integrating Security Operations and Security Engineering activities within the MSSP. The role acts as the technical and operational bridge between SOC analysts, security engineers, and clients. This individual is hands-on, customer-facing, and capable of engaging directly with clients on-site to design, implement, and optimize security solutions across on-prem and cloud environments.

Description

• Engage directly with clients on-site to assess environments, design security architectures, and implement security solutions.
• Act as a trusted technical advisor during onboarding, service reviews, and security improvement initiatives.
• Translate client business and risk requirements into effective SOC and security engineering solutions.
• Support pre-sales activities, technical scoping, and solution design where required.
• Provide technical and operational leadership to SOC analysts and responders, ensuring effective monitoring, detection, and incident response.
• Guide SOC workflows, escalation processes, and incident handling procedures.
• Ensure SOC operations align with SLAs, playbooks, and industry best practices.
• Act as an escalation point for complex incidents and high-impact security events.
• Lead the design, implementation, and optimization of SOC and security platforms including SIEM, SOAR, EDR/XDR, NDR, threat intelligence, and log management solutions.
• Oversee data onboarding, integrations, and tuning across client environments.
• Ensure SOC tooling is scalable, reliable, and engineered to support efficient operations.
• Drive automation and detection engineering to improve alert quality and reduce MTTR.
• Design and support security monitoring and controls for cloud environments (AWS, Azure, GCP).
• Integrate cloud logs, identity, network, and workload telemetry into SOC platforms.
• Advise clients on secure cloud architecture and monitoring best practices.
• Bridge the gap between SOC operations and security engineering, ensuring tooling, detections, and automation support real operational needs.
• Work closely with engineers to translate analyst feedback into platform and detection improvements.
• Standardize configurations, architectures, and engineering practices across clients.
• Ensure SOC and engineering activities align with regulatory and contractual requirements (e.g., ISO 27001, SOC 2, PCI DSS).
• Support audits, assessments, and client assurance activities.
• Continuously evaluate emerging threats, technologies, and service improvements.

Requirements:

• 7–10+ years in cybersecurity, with experience across SOC operations and security engineering.
• Experience working in an MSSP or multi-client environment.
• Demonstrated client-facing experience, including on-site implementations.
• Experience leading or guiding technical security teams.
• Strong hands-on experience with SIEM, SOAR, EDR/XDR, and SOC tooling.
• Proven experience in security engineering and SOC operations.
• Solid knowledge of cloud architecture and cloud security (AWS, Azure, GCP).
• Experience with automation and scripting (Python, PowerShell, Bash).
• Strong understanding of threat detection frameworks (MITRE ATT&CK).
• Cloud and security certifications (CISSP, GIAC, Azure/AWS Security, Splunk, Sentinel).
• Strong collaboration, communication, and problem-solving skills.