About Client:
The client is a global consulting, technology, and digital firm specializing in the financial services industry. Established in 2001, the company provides innovative solutions to help clients navigate digital transformation, enhance operational efficiency, and achieve strategic objectives. With a focus on banking, capital markets, and insurance, it leverages cutting-edge technologies such as blockchain, artificial intelligence, and data science to deliver customized IT solutions and business consulting services.
The company's commitment to innovation, combined with its industry expertise, positions it as a leader in driving technological advancements and helping financial institutions stay competitive in a rapidly evolving market.
Rate Range: $100-$115/Hr
Job Description:
- The Security Hub Architect will serve as the technical lead responsible for the architecture, design, and implementation of a purpose-built Security Hub supporting Client's Data Private Cloud (DPC) initiative. The role will define the overall solution architecture, security control framework, integration strategy, detection capabilities, and operational model while ensuring alignment with enterprise security, governance, and OpenShift standards.
- The Security Hub Architect will work closely with platform engineering, security engineering, SRE, integration teams, and business stakeholders to establish Security Hub as the authoritative system of record for security findings and enable centralized visibility, control enforcement, automated remediation, and audit-ready compliance reporting.
Key Responsibilities:
Security Hub Architecture & Design:
- Define the end-to-end Security Hub architecture aligned with enterprise security and DPC requirements.
- Design a control-driven security framework supporting approximately 60 controls across multiple security domains.
- Establish Security Hub as the centralized system of record for security findings, governance, and reporting.
- Define high availability, resiliency, scalability, and disaster recovery requirements.
- Develop logical, physical, and integration architecture artifacts.
Security Controls & Detection:
- Design and implement triple-mode detection capabilities utilizing:
  - Real-time security events
  - Observability metrics
  - Periodic compliance and security scans
- Translate enterprise security controls into enforceable technical controls.
- Define control validation, compliance monitoring, and evidence-generation requirements.
- Establish control traceability and audit-readiness processes.
Integration Architecture:
- Define an integration-first architecture supporting event-driven security operations.
- Design integrations with:
  - Keycloak
  - Ranger
  - OpenShift APIs
  - Kafka
  - LGTM
  - StorageGRID
  - DataHub
  - Vault/Venafi
  - ServiceNow
  - Enterprise observability platforms
- Define telemetry ingestion, normalization, correlation, and workflow orchestration patterns.
Automation & AI Enablement:
- Design automated remediation workflows and approval-gated enforcement processes.
- Define AI-assisted triage, root-cause analysis, prioritization, and recommendation capabilities.
- Leverage accelerator frameworks and reusable implementation patterns to accelerate delivery.
- Ensure AI-enabled capabilities align with enterprise governance and architecture standards.
Governance & Operational Readiness:
- Participate in architecture governance, design reviews, and stakeholder workshops.
- Support development of operational processes, runbooks, and support models.
- Ensure alignment with compliance, risk, audit, and regulatory requirements.
- Support knowledge transfer and transition to steady-state operations.
Required Skills & Experience:
Experience:
- 15+ years of cybersecurity, cloud security, or security architecture experience.
- 5+ years designing and implementing enterprise security platforms.
- Experience leading large-scale security transformation initiatives within highly regulated environments.
- Experience establishing centralized security operations, governance, and compliance platforms.
Technical Skills:
- Security Architecture
- OpenShift / Kubernetes
- Cloud Security (AWS, Azure, GCP)
- SIEM / SOAR Platforms
- Security Operations (SecOps)
- Vulnerability Management
- Identity & Access Management (IAM)
- Event-Driven Architecture
- Kafka
- API Integration
- ServiceNow
- Observability Platforms
- Security Control Frameworks
Security Framework Knowledge:
- NIST Cybersecurity Framework
- CIS Controls
- NIST 800-53
- ISO 27001
- Zero Trust Architecture
- Security Operations & Incident Response
Preferred Qualifications:
- Experience designing Security Hub, SIEM, SOC, CNAPP, CSPM, or centralized security platforms.
- Experience implementing control-driven governance models.
- Experience with ServiceNow Security Operations.
- Experience with policy-as-code and automation frameworks.
- Experience integrating AI/GenAI capabilities into security operations.
- Experience supporting financial services organizations and regulatory environments.
Key Deliverables:
- Security Hub Architecture Documents
- Control Framework Design
- Triple-Mode Detection Design
- Integration Architecture & Data Flow Designs
- Security Control Mapping & Traceability Matrix
- Automation & Remediation Architecture
- Reporting & Compliance Architecture
- Operational Readiness & Governance Artifacts
- Architecture Review & Approval Packages
Success Measures:
- Successful deployment of Security Hub on OpenShift
- Full implementation of planned security controls
- Successful integration across enterprise and DPC platforms
- Audit-ready reporting and compliance evidence generation
- Automated remediation and workflow orchestration operational
- Achievement of performance, scalability, and resiliency objectives
- Successful production deployment and transition to steady-state operations
- This role would be considered the technical authority for the entire Security Hub program, responsible for ensuring the solution architecture supports governance, integrations, automation, reporting, and long-term operational sustainability.
About ApTask:
ApTask is a leading global provider of workforce solutions and talent acquisition services, dedicated to shaping the future of work. As an African American-owned and Veteran-certified company, ApTask offers a comprehensive suite of services, including staffing and recruitment solutions, managed services, IT consulting, and project management. With a focus on excellence, collaboration, and innovation, ApTask provides unparalleled opportunities for professional growth and development. As a member of the ApTask team, you will have the chance to connect businesses with top-tier professionals, optimize workforce performance, and drive success across diverse industries. Join us at ApTask and be part of our mission to empower organizations to thrive while fostering a diverse and inclusive work environment.
Applicants may be required to attend interviews in person or by video conference. In addition, candidates may be required to present their current state or government issued ID during each interview.
Candidate Data Collection Disclaimer:
At ApTask, we prioritize safeguarding your privacy. As part of our recruitment process, certain Personally Identifiable Information (PII) may be requested by our clients for verification and application purposes. Rest assured, we strictly adhere to confidentiality standards and comply with all relevant data protection laws. Please note that we only collect the necessary information as specified by each client and do not request sensitive details during the initial stages of recruitment.
If you have any concerns or queries about your personal information, please feel free to contact our compliance team at businessexcellence@aptask.com
Applicant Consent:
By submitting your application, you agree to ApTask's (www.aptask.com) Terms of Use and Privacy Policy, and provide your consent to receive SMS and voice call communications regarding employment opportunities that match your resume and qualifications. You understand that your personal information will be used solely for recruitment purposes and that you can withdraw your consent at any time by contacting us at 732-355-8000 or help@aptask.com. Message frequency may vary. Msg & data rates may apply.