Staff Security Architect (Cloud Security & Incident Response)

PCCA

$130K — $160K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 5-7 years of experience in security architecture and cloud security engineering, specifically with Azure.
  • Proficient in developing security standards and reference architectures for cloud and hybrid environments.
  • Strong background in identity and access management, including OAuth2/OpenID Connect.
  • Experience with DevSecOps practices including CI/CD and Infrastructure-as-Code (IaC).
  • Familiarity with Zero Trust architecture principles and implementation.
  • Effective incident response skills with experience leading technical responses.
  • Excellent communication skills for cross-team collaboration and stakeholder management.

Responsibilities

  • Design and evolve security architecture standards for cloud and hybrid environments.
  • Collaborate with DevOps and Engineering to secure Azure deployments effectively.
  • Define secure CI/CD and IaC pipeline patterns with automated security controls.
  • Architect identity solutions focusing on least-privilege access and authentication.
  • Drive Zero Trust initiatives including segmentation and access evaluations.
  • Implement cloud security controls and integrate monitoring telemetry into SIEM.
  • Conduct security design reviews and perform threat modeling for new systems.

Benefits

  • Opportunity to lead critical cybersecurity initiatives across multiple operating companies.
  • Hands-on role with a focus on evolving security practices in cloud environments.
  • Collaboration with cross-functional teams to shape security standards.
  • Engagement in active incident response, enhancing leadership and decision-making skills.
  • Exposure to a variety of security tools and techniques in a cloud-first environment.
Full Job Description
Role Overview

PCCA is seeking a Staff Security Architect to serve as a hands-on security architecture and cloud security engineering leader. This role partners closely with Enterprise Architecture, DevOps, Engineering, and Infrastructure teams to design and implement secure-by-default patterns, with a strong emphasis on Azure cloud deployments, identity and access management, and DevSecOps. The role also leads cybersecurity incident response across Precision Health Holdings' operating companies as needed; during active incidents, incident leadership becomes the top priority.

Key Responsibilities

Security Architecture & Cloud Security Engineering (Primary)
• Design and evolve PHH/PCCA security architecture standards, reference architectures, and security-by-default guardrails for cloud and hybrid environments.
• Partner with DevOps and Engineering teams to secure Azure deployments (networking, identity, compute, data, and platform services).
• Define secure patterns for CI/CD and Infrastructure-as-Code (IaC) pipelines, including policy-as-code and automated security controls.
• Architect identity solutions leveraging OAuth2 / OpenID Connect (OIDC), least-privilege access, and strong authentication mechanisms.
• Drive Zero Trust architecture initiatives across PHH/PCCA and its operating companies, including segmentation, device/user trust evaluation, and conditional access.
• Implement and tune cloud security controls (e.g., Azure Policy, Defender for Cloud, logging/alerting) and integrate telemetry into centralized monitoring/SIEM.
• Perform security design reviews and threat modeling for new systems, integrations, and major changes; document risks and recommended mitigations.
• Develop pragmatic security requirements and controls aligned to business risk and regulatory needs; help teams implement them efficiently.
• Create implementation-ready artifacts (runbooks, diagrams, reference configs) and provide hands-on assistance during builds and migrations.

Cybersecurity Incident Leadership (As-Needed; Priority During Incidents)
• Lead technical incident response across PHH operating companies, coordinating containment, eradication, and recovery activities.
• Triage security events to determine whether incidents can be handled in-house or require escalation/engagement of the virtual CISO (vCISO) and/or external partners.
• Serve as a technical incident commander: manage timelines, coordinate responders, drive decision-making, and ensure clear communications to stakeholders.
• Conduct root cause analysis and lead post-incident reviews to drive preventive improvements (architecture, controls, detection, and process).
• Maintain and improve incident response playbooks, tooling, and escalation paths across subsidiaries to ensure consistent execution.
