What Does a Security Architect Do?
What is a Security Architect?
A Security Architect designs, builds and oversees the implementation of network and computer security for an organization. As a senior-level employee, you’ll be responsible for creating complex security structures – and ensuring that they work. In addition to handling defense (e.g. vulnerability testing, installing firewalls, etc.) and response (e.g. dealing with security-related incidents), you’ll often be building security infrastructures, providing technical guidance, assessing costs & risks, and establishing security policies and procedures.
Along with the usual assortment of IT & security tools, aspiring security architects usually have a unique set of management-focused hard skills (e.g. risk assessment procedures) and a strong core of previous work experience. It’s not a job that you can jump right into after graduation—many folks work their way up from roles in engineering, consulting, and/or analysis.
Security Architect Job Responsibilities
Since this is a “big-picture” job, you may be required to:
- Acquire a complete understanding of a company’s technology and information systems
- Plan, research and design robust security architectures for any IT project
- Perform vulnerability testing, risk analyses and security assessments
- Research security standards, security systems and authentication protocols
- Develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices
- Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
- Prepare cost estimates and identify integration issues
- Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers
- Test final security structures to ensure they behave as expected
- Provide technical supervision for (and guidance to) a security team
- Define, implement and maintain corporate security policies and procedures
- Oversee security awareness programs and educational efforts
- Respond immediately to security-related incidents and provide a thorough post-event analysis
- Update and upgrade security systems as needed
Throughout this process, you will be directing members of your programming team and reporting your progress to the CISO.
Security Architect Careers
Security Architect Career Paths
The road to becoming a Security Architect often starts with entry-level security positions such as:
- Security Administrator
- Network Administrator
- System Administrator
This is followed by intermediate-level positions such as:
Once you have achieved your title, you may choose to stay in your position. In large organizations, it’s possible to be promoted to Senior Security Architect or even Chief Security Architect.
Or you could consider becoming a:
The role of “Security Architect” encompasses job titles such as:
- Information Security Architect
- Information Systems Security Architect
Security Architect Salaries
According to Payscale, the median salary for a Security Architect is $121,020 (2019 figures). Overall, you can expect to take home a total pay of $84,463 – $174,976. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
Security Architect Job Requirements
A quick look at security architect jobs will tell you that companies are looking for a few key factors: a recognized degree in IT security or a related field (bachelor’s or master’s); a minimum of 5 years of relevant experience; an in-depth knowledge of security strategies and architectures; strong interpersonal and leadership skills (you’re going to be managing teams); and relevant Security Certifications. CISSP and CSSA are popular choices, but there are other options.
You can really set yourself up for success by examining security architect job postings in your chosen area (e.g. corporate finance) and taking the time to buff up any weak spots on your résumé. If you don’t have colleagues who can lend advice, you may also want to contact current security architects through LinkedIn or other networking avenues. They’ll often be willing to provide you with firsthand knowledge of the field—including the skills that are prized in real-life scenarios.
Since Security Architects are intimately involved in creating security systems and procedures, employers will require you to have a bachelor’s degree in Computer Science, Cyber Security or a related field.
If you don’t have a bachelor’s degree, you may wish to consider gaining a master’s degree in IT security. You can supplement this qualification with training and certifications.
Security Architects are expected to have at least 5-10 years of relevant IT experience, including exposure to business planning, systems analysis and application development. Plan for 3-5 of those years to be devoted specifically to security.
Knowledge of the following technical skills should prove useful:
- Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies
- ISO 27001/27002, ITIL and COBIT frameworks
- Windows, UNIX and Linux operating systems
- Perimeter security controls – firewall, IDS/IPS, network access control and network segmentation
- Router, switch and VLAN security; wireless security
- Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies
- Practices and methods of IT strategy, enterprise architecture and security architecture
- Network security architecture development and definition
- Knowledge of third party auditing and cloud risk assessment methodologies
Security Architects are in management, so you should be completely comfortable with your oral, teaching and communication skills. You will often be conveying technical information to a non-technical audience (e.g. CEO).
Employers are also looking for candidates who are inspiring leaders and strategic problem-solvers. Throughout the year, you will be responsible for managing a wide variety of projects and team members.
Certifications for Security Architects
Due to the nature of your work, employers will be looking for advanced security certifications from accredited bodies. You may wish to consider researching:
- CISSP: Certified Information Systems Security Professional
- CISSP-ISSAP: Information Systems Security Architecture Professional
- CISM: Certified Information Security Manager
- CEH: Certified Ethical Hacker
- CSSA: Certified SCADA Security Architect
- GSEC / GCIH / GCIA: GIAC Security Certifications