**ABOUT US** At HUB International, we are a team of entrepreneurs. We believe in empowering our clients, and we do so by protecting businesses and individuals in our local communities. We help businesses evaluate their risks and develop solutions tailored to their needs. We believe in empowering our employees. As a global firm, we offer employees resources in both technology and industry expertise, but we still maintain the local flavor of our offices. Our structure enables our teams to maintain their own unique, regional culture while leveraging support and resources from our corporate centers of excellence. HUB is the 5th largest global insurance and employee benefits broker, providing a boundaryless array of property, casualty, risk management, life and health, employee benefits, investment and wealth management products and services. With over 17,000 employees in more than 550 offices throughout North America, HUB has grown substantially, in part due to our industry leading success in mergers and acquisitions. **Job Overview** As a **Security Architecture Engineer** , you will play a pivotal role in designing, developing, and maintaining the security architecture for the organization. Your primary responsibility is to ensure that all systems, applications, and network infrastructures are securely designed, configured, and maintained. This position requires a deep understanding of security frameworks, threat landscapes, and the ability to apply secure engineering principles to new and existing systems. You will work closely with various teams, including IT, development, and compliance, to ensure that security best practices are incorporated at every stage of the project lifecycle. The role requires both hands-on technical skills and the ability to create comprehensive security architecture documentation. **Key Responsibilities** **1. Security Architecture Design & Development** + Develop, maintain, and review secure architecture frameworks and blueprints for on-premises, cloud, and hybrid environments. + Design and implement security controls that align with industry standards (e.g., NIST, ISO 27001, CIS) and company policies. + Ensure the architecture meets regulatory compliance requirements (e.g., GDPR, HIPAA, PCI-DSS). **2. Risk Assessment & Threat Modeling** + Perform threat modeling and risk assessments to identify vulnerabilities in new and existing systems. + Recommend security solutions to mitigate identified risks. + Collaborate with development and operations teams to integrate security into DevOps pipelines (DevSecOps). **3. Security Tools & Technologies** + Evaluate and recommend security tools and technologies such as firewalls, IDS/IPS, SIEM, DLP, endpoint security, and identity management solutions. + Oversee the integration of security technologies into the existing IT infrastructure. + Manage and optimize security configurations for various platforms (e.g., AWS, Azure, GCP, and traditional datacenter environments). **4. Collaboration & Teamwork** + Collaborate with cross-functional teams, including IT, networking, software engineering, and cloud operations, to incorporate security into system designs and workflows. + Work closely with compliance teams to ensure adherence to legal, regulatory, and industry standards. **5. Security Documentation & Reporting** + Develop detailed technical documentation, including system architecture diagrams, security architecture blueprints, and best practice guidelines. + Prepare reports and communicate complex technical issues to non-technical stakeholders, including executive leadership. **6. Incident Response & Security Audits** + This role may be requested to provide security expertise during incident response and forensic investigations. + Participate in internal and external audits by preparing necessary documentation and implementing required improvements. **7. Continuous Improvement & Research** + Stay up to date with the latest trends in cybersecurity, new threat vectors, and the evolving security landscape. + Participate in knowledge-sharing activities such as team training, mentoring junior engineers, and conducting security workshops. **Technical Requirements** **1. Hands-On Experience with Security Technologies** + **Network Security:** Deep knowledge of firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and advanced network segmentation. + **Identity & Access Management (IAM):** Experience with IAM solutions such as **Okta** , **Azure AD** , **Sailpoint** , and **LDAP** . + **Cloud Security:** Strong experience securing cloud environments like **AWS** , **Azure** , and **Google Cloud Platform (GCP)** . + **Endpoint & Data Security:** Familiarity with **DLP** , **endpoint security solutions** (e.g., SentinelOne, Tanium), and encryption standards. + **SIEM/Log Management:** Hands-on experience with **SIEM platforms** (e.g., Splunk) for security monitoring, log correlation, and threat detection. + **Vulnerability Management:** Experience with tools like **Tenable.io** , **Nessus** , or **Qualys** for continuous vulnerability assessments. **2. Knowledge of Security Frameworks** + Proficiency in implementing and adhering to security frameworks such as **NIST** , **ISO 27001** , **CIS** , **TOGAF** , and **SABSA** . + Experience in aligning security architecture with regulatory compliance standards (GDPR, HIPAA, PCI-DSS, SOX). **3. Security Certifications (Preferred)** + **Certified Information Systems Security Professional (CISSP)** + **Certified Cloud Security Professional (CCSP)** + **Certified Information Security Manager (CISM)** + **Certified Ethical Hacker (CEH)** + **AWS Certified Security – Specialty** + **Certified Information Systems Auditor (CISA)** **4. Programming & Automation** + Proficiency in one or more programming/scripting languages ( **Python** , **PowerShell** , **Bash** ) for automating security tasks. + Experience with **DevSecOps** practices and tools such as **Terraform** , **Chef, and code vulnerability scanners for SasT, DasT, IasT, and SCA** for integrating security into development pipelines. **Skills & Experience** + **Bachelor’s Degree** in Information Security, Computer Science, or related field (or equivalent work experience). + **5+ years** of experience in a security architecture or engineering role. + Expertise in **network security** , **cloud security** , **IAM** , and **SIEM** platforms. + Strong understanding of the **OWASP Top Ten** , **SANS Top 25** , and other common attack vectors. + Experience in **security risk management** , including conducting **risk assessments** and implementing **mitigations** . + Excellent problem-solving and analytical skills with a strong attention to detail. **Teamwork & Collaboration Expectations** + Work collaboratively with cross-functional teams (IT, software development, DevOps, compliance) to ensure security best practices are embedded in daily operations. + Provide **technical leadership** on security architecture-related projects and participate in security design reviews. + Mentor and guide **junior security engineers** , encouraging knowledge sharing and growth across the team. + Maintain a positive, solution-oriented attitude while working with other teams to balance security needs with business objectives. **Ability to Work Independently** + The Security Architecture Engineer must demonstrate the ability to **work autonomously** with minimal supervision, managing their time effectively across multiple projects. + Expected to **identify security gaps** in systems or processes proactively and take initiative in proposing and implementing solutions. + Capable of making sound decisions when under pressure, especially in the context of security incidents or time-sensitive projects. **Training & Development** **Ongoing Training:** + Stay current on emerging threats, security technologies, and best practices through self-paced learning and professional development. + Engage in regular **technical training** and **certification courses** to maintain knowledge in rapidly evolving areas such as **cloud security** , **machine learning in security** , and **zero-trust architecture** . + Attend cybersecurity conferences, webinars, and training events to stay informed on the latest security trends. **Internal Training:** + Participate in internal security awareness and skills training programs. + Provide training to other technical teams, promoting secure development practices and operational security. **Key Performance Indicators (KPIs)** + Success in security projects (implementation of new architecture frameworks, deployment of security tools). + Effectiveness in threat identification and mitigation efforts. + Compliance with security frameworks and regulatory requirements. + Positive feedback from team collaboration and cross-departmental partnerships. + Continuous improvement and contribution to company-wide security posture. **Chicago hybrid candidates referred but open to remote candidates.** **JOIN OUR TEAM** Do you believe in the power of innovation, collaboration, and transformation? Do you thrive in a supportive and client focused work environment? Are you looking for an opportunity to help build and drive change in a rapidly growing and evolving organization? When you join HUB, you will be part of a community of learners and doers focused on helping our leaders maximize the potential of their employees. Disclosure required under applicable municipal regulations in NY and NJ, as well as the law in Colorado: The expected salary range for this position is $125,000 to $140,000 and will be impacted by factors such as the successful candidate’s skills, experience and working location, as well as the specific position’s business line, scope and level. HUB International is proud to offer comprehensive benefit and total compensation packages which could include health/dental/vision/life/disability insurance, FSA, HSA and 401(k) accounts, paid-time-off benefits, and eligible bonuses, equity and commissions for some positions. Department Information Technology Required Experience: 5-7 years of relevant experience Required Travel: Negligible Required Education: Bachelor's degree (4-year degree) HUB International Limited is an equal opportunity and affirmative action employer that does not discriminate on the basis of race/ethnicity, national origin, religion, age, color, sex, sexual orientation, gender identity, disability or veteran's status, or any other characteristic protected by local, state or federal laws, rules or regulations. The EEO is the Law poster and its supplement is available here at http://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm . EEOAA Policy (https://hubinternational.jobs/eeo/) E-Verify Program We endeavor to make this website accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the US Recruiting Team toll-free at (844) 300-9193 or USRecruiting@hubinternational.com . This contact information is for accommodation requests only; do not use this contact information to inquire about the status of applications.