Director, Security Architecture & Engineering
Boomi
Houston, TX
You will be a key leader in Boomis cybersecurity team, responsible for the strategic direction, design, and oversight of all security architecture and engineering efforts. You will manage the Cyber Security Engineering job family, setting architectural standards, driving major security technology deployments, and ensuring the technical roadmap aligns with global business objectives and risk posture. You will manage and mentor the security engineering team, fostering a culture of secure design and continuous improvement.
What You’ll Do
• Strategy & Roadmap (Plan): Define the enterprise-wide security strategy and roadmap. Identify gaps in our defenses and plan the long-term investment in tools and standards to close them.
• Strategic Architecture (Design): Act as the primary design authority. Create security patterns, blueprints, and "Golden Paths" for Cloud (AWS/Azure/GCP) and Application Security that make the secure choice the easy choice for developers.
• Threat Modeling & Offensive Design: Embed an "Attacker’s Mindset" into the design phase. Lead Threat Modeling sessions (e.g., STRIDE, PASTA) for critical architecture changes to anticipate adversarial moves before code is even written.
• Collaborative Engineering (Build): Work side-by-side with Engineering teams to identify and configure the right security tools (SAST/DAST/WAF). Focus on delivering solutions that integrate naturally into the developer ecosystem, making security an enabler of quality rather than just a compliance step.
• Operational Partnership (Run & Maintain): Collaborate closely with the Director of Operations to ensure a seamless handoff of technologies into the "Run" phase. Define operational playbooks, maintenance schedules, and health metrics to ensure that the security systems you build are sustainable, monitorable, and easily maintained by the Operations team.
• Corporate & Enterprise Security: Extend security architecture beyond the product to the corporate environment. Design and implement Zero Trust controls for internal infrastructure, including Identity & Access Management (IAM), endpoint security, and internal SaaS applications.
• Strategic Consolidation & Efficiency: Conduct a comprehensive audit of the current security toolchain to identify redundancy. Drive a strategy of consolidation, retiring legacy point-solutions in favor of integrated platforms that reduce complexity and cost.
• AI & Next-Gen Automation: Lead the architecture for securing internal AI/ML initiatives and champion an "Automate First" mentality. Replace manual security reviews with self-healing automation and API-driven workflows.
• Cross-Functional Partnership: Partner with R&D’s embedded DevSecOps teams to operationalize security standards into CI/CD pipelines, and collaborate with the Trust & Assurance team to rapidly engineer fixes for findings identified during Penetration Tests and Red Team exercises.
• Team Leadership: Manage and mentor a high-performing team of Security Architects and Engineers, fostering a culture of technical depth and innovation.
The Experience You Bring
• Minimum 10+ years of experience in Information Security, with 5+ years in a senior architecture or leadership role.
• Expert-level knowledge of security domains, architecture principles, and integration of security across enterprise and cloud environments (AWS, Azure, GCP).
• Proven experience in managing, budgeting, and scaling a high-performing technical team.
• Strong understanding of security frameworks (e.g., NIST CSF, ISO 27001) and security best practices for SaaS/Cloud platforms.
• Ability to define and articulate security strategy to executive leadership and technical teams.
Bonus Points If You Have
• Masters Degree in Computer Science, Information Security, or a related discipline.
• CISSP, CISM, or relevant architectural certifications.
• Experience in the financial planning and management of large-scale cybersecurity project.
• Background in large, high-growth SaaS or iPaaS environments.