Sprouts Farmers Markets

Senior IT Security Architect

Sprouts Farmers Markets$120K — $150K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, IT, Engineering, or equivalent experience.
  • 10+ years in enterprise security architecture, covering various domains.
  • 3+ years of hands-on Azure security architecture experience.
  • Deep understanding of identity protocols like OAuth/OIDC, SAML, SCIM.
  • Expertise in EDR/EPP, DLP, data classification, and CASB/SASE architecture preferred.

Responsibilities

  • Author reference architecture and design documents across all security domains.
  • Lead security architecture positions at the Architecture Review Board (ARB).
  • Design Azure landing zones and govern security for cloud platforms.
  • Architect conditional access and identity integration patterns.
  • Drive zero-trust maturity across organizational perimeters.

Benefits

  • Collaborative work environment with cross-functional teams.
  • Continuous professional development and mentoring opportunities.
  • Opportunities to influence company-wide security practices.
  • Exposure to cutting-edge cloud and security technologies.
Full Job Description
Overview

Please note this position is based in our Phoenix, AZ Support Office. The Sr. IT Security Architect is the lead technical architect for Sprouts' IT Security program, designing and driving security architecture across the enterprise.

The Sr. IT Security Architect mentors security engineers and analysts, leads through influence across infrastructure, network, cloud, and application teams, and carries architectural decisions to the Architecture Review Board (ARB) with a recommended path. The role translates business, compliance, and regulatory requirements into concrete, implementable designs and standards that survive implementation and audit.

Sprouts runs an Azure-first cloud stack-including Databricks, Synapse/Fabric, and Azure Virtual Desktop-alongside store systems, point-of-sale, and payment infrastructure under PCI-DSS. The role requires fluency across both. Architectural decisions align with NIST CSF, ISO 27001, CIS Controls, SOX, PCI-DSS, and applicable privacy regulations.

Periodic after-hours or weekend work may be required to support security escalations or major incidents.

Essential Functions

Essential job functions
• Author reference architecture and design documents across all security domains. Designs must be implementable, testable, and resistant to drift.
• Lead security architecture positions at the Architecture Review Board (ARB). Define and enforce architectural gates for development-to-production progression. Present options, trade-offs, and a recommended path for each decision.
• Lead complex, cross-functional security architecture initiatives of strategic importance to the organization. Advise senior leadership on security matters of significant impact, and provide input to department goals, planning, and budget priorities.
• Design and govern Azure landing zones, managed identity patterns, Key Vault and private-endpoint baselines, CSPM policy, and Terraform/Bicep security guardrails. Lead security architecture for Databricks, Synapse, and Fabric data platforms, including data-lake segmentation and access control.
• Design integration patterns for Microsoft Entra ID and Okta, conditional access, MFA strategy, B2C customer identity, Azure Virtual Desktop access, and BYOD access. Architect CrowdStrike Identity Protection integration with the identity estate.
• Partner with network architecture on segmentation for headquarters and store environments, SASE/CASB/NPA architecture (Netskope), edge protection (Cloudflare), and vendor/BYOD network zones. Drive zero-trust maturity across corporate, retail, and cloud perimeters.
• Set architectural direction for EDR/EPP/IDP (CrowdStrike), endpoint management (Tanium), CASB (Netskope), and email security (Proofpoint). Guide the decommissioning of legacy platforms and the onboarding of replacements.
• Design DLP, data classification (BigID), consent management, and data retention patterns. Govern the security and privacy architecture of AI platforms, vendors, and internal AI tooling, including model-training and data-handling terms.
• Support vendor risk assessments, review SOC 2 Type 2 reports, evaluate vendor SSO/SCIM/RBAC/audit-logging, and author SDLC security standards (secrets management, logging baselines, secure deployment patterns).
• Design security architecture for store systems, point-of-sale, handheld devices, and third-party store integrations. Ensure PCI-DSS alignment across applicable environments.
• Draft and maintain architectural standards and patterns: naming conventions, IaC security patterns, API gateway baselines, cloud tagging, and logging/compliance defaults.
• Map architectural initiatives to NIST CSF (Govern, Identify, Protect, Detect, Respond, Recover), CIS Controls, SOX, and PCI-DSS, borrowing from ISO 27001 and other best practices where applicable. Contribute to security policies and standards.
• Provide guidance, coaching, and training in security architecture across the Company within area of expertise - to security engineers and analysts as well as partners in infrastructure, network, cloud, and application teams.
• Participate in root cause analysis and architectural remediation for incidents, breaches, and HR/Legal investigations. Translate lessons learned into architectural changes.
• Comply with and contribute to change control, development lifecycle, and release management policies. Ensure architectural changes are represented at CAB and documented appropriately.

Knowledge, Skills, Abilities and Physical Requirements

Knowledge Skills & Abilities
• Bachelor's degree in Computer Science, Information Technology, Engineering, or equivalent experience in a related discipline.
• 10+ years of enterprise security architecture experience spanning cloud, identity, network, endpoint, application, and data security.
• 3+ years of hands-on Azure security architecture: landing zones, Key Vault, managed identity, private endpoints, Microsoft Sentinel, and Azure-native data platforms (Databricks, Synapse, Fabric).
• Deep identity architecture experience with core protocols (OAuth/OIDC, SAML, SCIM, federation), conditional access, MFA strategy, and B2C customer identity. Hands-on experience with Microsoft Entra ID and Okta preferred.
• Expert-level experience with EDR/EPP and Identity Protection platforms (CrowdStrike preferred).
• Expert-level experience with enterprise DLP, data classification (e.g., BigID), and CASB/SASE architecture (Netskope preferred).
• Expert-level experience with enterprise email security (Proofpoint preferred) and edge protection (Cloudflare preferred).
• Working experience with Infrastructure-as-Code security: Terraform and/or Bicep, policy-as-code, and CSPM platforms.
• Fluency with security and compliance frameworks: NIST CSF, CIS Controls, PCI-DSS, SOX, and applicable privacy regulations (CCPA).
• Retail, PCI, and store-systems experience strongly preferred (POS, payment, store network, third-party retail integrations).
• CISSP, CCSP, or equivalent security certification required.
• Demonstrated track record of authoring architecture documentation that survives review, implementation, and audit.
• Proficiency with monitoring, logging, change management, and CMDB tooling (ServiceNow experience a plus).

About Sprouts Farmers Markets

Sprouts Farmers Market is a supermarket chain that specializes in selling natural and organic food products. The company was founded in 2002 in Chandler, Arizona, and has since expanded to over 360 stores across the United States. Sprouts Farmers Market offers a wide variety of products, including fresh produce, meat and seafood, bulk foods, vitamins and supplements, and household essentials. The company is committed to providing healthy and affordable food options to its customers, and has a strong focus on sustainability and community involvement.
Learn more about Sprouts Farmers Markets
Size
31,000 employees
Market Cap
$3.4 billion
Industry
Net Income
$287.4 million
Founded
2002
5 Year Trend
+8.6%
Revenue
$6.4 billion
NASDAQ

Similar Jobs

More Jobs at Sprouts Farmers Markets

More Information Technology Jobs

Find similar Senior IT Security Architect jobs: