Cybersecurity Architect

Why Black and Veatch

Black & Veatch allows you to lend your talent and perspective to humanity’s biggest challenges in a flexible environment where you are empowered to grow and explore new possibilities. We offer competitive compensation; 401K match and benefits that start day one. 

At Black & Veatch, you own your career with purpose and meaning. You are empowered to grow and explore new possibilities at every step of your career journey. Bring your big ideas knowing you are safe to be who you are and speak up with concerns or questions and put your diverse talents and perspectives to use.

The Opportunity

The Cybersecurity Architect is a key senior role focused on defining, designing, and maintaining the organization's enterprise-wide security architecture to align with business goals, risk strategies, and evolving threats.

Core Responsibilities:

• Develops and maintains a comprehensive security architecture strategy, including plans, roadmaps, processes, and artifacts (e.g., models, standards, templates) that translate business objectives, technology needs, and threat landscapes into actionable, aligned security solutions for cloud, on-premise, and hybrid environments.
• Monitors emerging digital business changes and threat developments; updates security strategies, architectures, and reference designs accordingly; validates IT infrastructure, configurations, and tools (e.g., firewalls, IPS, WAF, endpoint protection) against best practices; recommends enhancements to mitigate risks.
• Collaborates with stakeholders—including enterprise architects, system owners, security engineers, vendors, operational teams, and the CISO—to assess and integrate security controls (system-specific, hybrid, common); evaluates third-party SOWs, audit reports, and provider controls; coordinates security for OT/IoT systems; serves as primary liaison for control allocation and assurance.

The Team

Black & Veatch’s Business Enablement consists of critical groups that help enable the organizations people, projects, and businesses to be as successful as possible. Functions in this group include Digital & Information Technology, Global Finance, Global Human Resources, Legal, Risk Management, and Government Affairs and Real Estate and Building Services.

Key Responsibilities

• Establishes baseline security configuration standards for operating systems, network segmentation, least-privilege access, and identity and access management (IAM); reviews and validates network segmentation designs.
• Defines and maintains standards and procedures for data encryption, tokenization, and protection of sensitive data, aligned with organizational data classification; collaborates with privacy teams to map data flows and recommend appropriate controls.
• Drafts, documents, and maintains security policies, standards, procedures, and architecture artifacts; submits for executive/CISO review and approval; ensures integration throughout the acquisition lifecycle and system development.
• Conducts threat modeling for applications, services, and systems based on associated risks and data sensitivity; identifies architecture gaps, performs security reviews, and develops risk management plans to address vulnerabilities.
• Stays current on emerging security technologies, threats, trends, and best practices; evaluates new tools, services, and vendors; provides recommendations to the security team based on security, cost, and operational considerations.
• Collaborates with DevOps, development, and project teams to promote secure coding practices, participate in application/infrastructure projects, advise on security planning, and escalate issues to the CISO.
• Supports security testing, validation, and internal audits of controls; liaises with internal audit, vendor management, and other security practitioners to assess vendor risks, review SOWs/audits, and share best practices.
• Analyzes the security impact of new systems, interfaces, or changes on the existing environment; recommends enhancements to maintain or improve overall security posture.

Management Responsibilities

Supervises work of others. Responsible for hiring, discipline, and pay administration of their subordinates.

Preferred Qualifications

• Hands-on expertise managing security infrastructure: firewalls, IPS, WAFs, endpoint protection, SIEM, and log management.
• Proven track record building enterprise AI security frameworks and controls for generative AI, LLMs, federated learning, and AI supply chain risks
• Direct experience securing applications and infrastructure in public clouds (AWS, Azure).
• Practical design and implementation of IAM technologies and services
• Excellent communication skills: able to translate complex security topics into clear business language; strong verbal/written presentation to stakeholders.

Minimum Qualifications

• Bachelor's degree: Computer Science, Cybersecurity, Information technology, Network Engineering, or a closely related field.
• 8-10+ years in InfoSec or Information Technology with a significant portion in cybersecurity.
• All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.

Certifications

CISSP, CISM, CCSP, CEH, or similar with a Cybersecurity emphasis

Work Environment/Physical Demands

Hybrid or flexible work options may be offered after the first 90 days of employment based upon manager discretion, job performance and work assignments.