As Principal Security Architect, you'll own the technical security strategy across our enterprise IT and SaaS environments, partnering closely with engineering, infrastructure, product security, and compliance functions to protect pilot, operator, and avaiation data.
This is a senior individual contributor role with real authority: you set the architecture, drive adoption, and measure outcomes. You'll report into IT leadership while serving as the senior technical security voice across the enterprise while partnering with your security peers within product engineering. Please note this role is hybrid in Denver, CO or Austin, TX, but remote candidates will be considered on a case by case basis.
Key ResponsibilitiesSecurity Architecture- Define and continuously evolve the enterprise security architecture across identity, endpoint, network, cloud (AWS/Azure), and SaaS. Produce explicit threat models for each tier; translate them into prioritized engineering roadmaps.
Zero Trust & Identity. - Design and oversee implementation of zero-trust access, IAM/PAM, MFA, and privileged credential management - with Okta and Entra ID as the primary platforms.
Detection & Response. Lead technical response to high-severity incidents. Operate and mature EDR/XDR, SIEM, and DLP programs; drive post-incident hardening with measurable outcomes.
Platform & Vendor Review. - Evaluate and approve security designs for new platforms, SaaS integrations, infrastructure initiatives, and M&A activity before they reach production.
Compliance Engineering. - Partner with GRC on SOC 2, ISO 27001, and aviation-specific control requirements. Translate auditor findings and regulatory obligations into concrete engineering work - not policy binders.
Technical Leadership. - Mentor security and infrastructure engineers, raise the security bar in cross-functional architecture reviews, and serve as a credible peer to product security engineering leaders.
Basic Qualifications - 10+ years in security engineering or architecture, including 3+ years as a principal architect or staff-level IC with demonstrated enterprise ownership.
- Understanding of security as it flows across environments such as data centers, Azure, AWS. Hands-on familiarity with IAM and VPC security.
- Proven experience with enterprise identity platforms (Okta, Entra ID/Azure AD) and modern detection tooling (EDR/XDR, SIEM, SOAR).
- Solid working knowledge of NIST CSF, ISO 27001, and SOC 2; familiarity with FAA/EASA, DoD, or CMMC contexts is a meaningful advantage.
- Track record of turning risk assessments and audit findings into shipped engineering improvements - not just recommendations.
- Strong communicator across audiences: equally comfortable whiteboarding with engineers and presenting risk posture to executives.
- Bachelor's in CS, engineering, or equivalent experience. CISSP, OSCP, or GIAC certifications are valued, not required.
Preferred Qualifications - Experience in aviation, aerospace, defense, or other safety-critical software environments where the cost of a security failure extends beyond data.
- Hands-on experience integrating acquired companies onto a common enterprise security baseline - identity federation, endpoint standardization, and network segmentation.
- Familiarity with M&A security due diligence and post-close integration planning.
Why Join Us At Jeppesen ForeFlight, we know you want a rewarding career. To do that, you need challenging projects, a good work environment, and awesome coworkers. We believe in our employees, and we empower them to make a direct impact on our products and services. We strive to provide our employees with a world-class benefits experience, focused on supporting their physical, financial, and emotional wellbeing. Our benefits package includes but is not limited to the following:
- Medical, dental, vision insurance with Employer paid health premiums
- 401(k) with up to 10% company matching and immediate vesting
- 12 Weeks Paid Maternity Leave
- 4 Weeks Paid Paternity Leave
Pay is based upon candidate experience and qualifications, as well market and business considerations: Summary Pay Range:
Jeppesen ForeFlight - EOE including Disability/Vets | Pay Transparency | E-Verify Participant | Equal Opportunity Employer
