Security Architect

About the Role

We are seeking a hands-on Firewall Security Architect to design, implement, and operate Armada’s firewall and network security platforms across core, edge, and distributed environments. This role owns firewall architecture, policy design, segmentation, and deep technical troubleshooting for high-risk and high-performance environments, including GPU-accelerated workloads.

This role combines architecture ownership with hands-on implementation. The Firewall Security Architect will actively design firewall topologies, build and validate rulesets, troubleshoot complex traffic flows, and partner with engineering teams to secure production systems at scale.

Location. US remote

What You'll Do (Key Responsibilities)

Firewall Architecture

• Design, deploy, and operate next-generation firewall architectures across:
• Core and regional data centers
• Edge and modular deployments
• GPU and high-value compute environments
• Build and maintainfirewall topologies including:
• Centralized and distributed firewall models
• Inline, routed, and transparent firewall deployments
• Active/active and active/passive HA designs
• Perform hands-on configuration of:
• Firewall interfaces, zones, and virtual systems / VDOMs
• Routing integration and asymmetric traffic handling
• High-availability, failover, and state synchronization
• Validate firewall designs through testing, failover simulation, and performance benchmarking.

Firewall Policy, Segmentation & Traffic Control

• Design, implement, and maintainfirewall policy frameworks:
• Implement segmentation strategies to isolate:
• Actively manage and review firewall policies to prevent:
• Perform traffic flow analysis and packet-level validation to confirm enforcement.

Advanced Traffic Inspection & Troubleshooting

• Perform deep technical troubleshooting
• Diagnose and resolve:
• Asymmetric routing and return-path issues
• MTU, fragmentation, and TCP performance problems
• East–west traffic inspection challenges
• Troubleshoot performance impacts related to:
• High-throughput GPU traffic
• Microbursts and congestion
• Tune firewall performance to balance security, latency, and throughput.

Zero Trust & Secure Access Enforcement

• Implement Zero Trust concepts directly in firewall policy and architecture.
• Enforce strong trust boundaries between:
• Users, services, and platforms
• Internal zones and external access paths
• Integrate firewall enforcement with identity and access models where applicable.
• Design secure remote access, VPN, and private connectivity solutions.

GPU & High-Performance Environment Security

• Design and secure firewall architectures for GPU clusters and accelerated workloads.
• Protect high-value compute and data paths without degrading performance.
• Implement inspection strategies appropriate for high-bandwidth east–west traffic.
• Partner with compute and platform teams during:
• GPU cluster bring-up
• Expansion and scaling
• Performance troubleshooting

Operational Support & Escalation (L3/L4)

• Serve as the highest technical escalation point for firewall-related incidents.
• Support major incidents by:
• Performing live troubleshooting
• Validating traffic paths and policy behavior
• Drive root cause analysis and implement permanent corrective actions.
• Support change planning, maintenance windows, and post-change validation.

Tooling, Automation & Standards

• Build and maintainfirewall templates, standards, and reusable configurations.
• Automate firewall deployments, policy validation, and audits where possible.
• Define logging, telemetry, and visibility requirements for firewall platforms.
• Continuously improve firewall reliability, security posture, and operational efficiency.

What Success Looks Like

• Firewall architectures are secure, performant, and resilient in production.
• Segmentation is consistently enforced with minimal exceptions.
• GPU and high-value environments remain protected without performance degradation.
• Firewall-related incidents are resolved quickly with clear root cause.
• Policy changes are predictable, auditable, and low-risk.
• Engineering teams trust firewall platforms instead of working around them.

Required Qualifications:

• US Citizenship
• 10+ years experience in firewall, network security, or security engineering roles.
• Hands-on expertise with next-generation firewall platforms.
• Proven experience designing and operating:
• Complex firewallrulebases
• HA and large-scale firewall environments
• Strong understanding of:
• TCP/IP, routing, and traffic flows
• East–west and north–south security models
• Zero Trust and least-privilege enforcement
• Demonstrated ability to troubleshoot production incidents at packet level.
• Strong documentation and communication skills.

Preferred Qualifications:

• Experience securing GPU, AI/ML, or high-performance compute environments.
• Expertise with platforms such as Fortinet, Palo Alto, Juniper SRX, or similar.
• Certifications such as PCNSE, NSE 7, CCIE Security, or equivalent experience.
• Automation or scripting experience (Python, Ansible, APIs).
• Experience in regulated or high-assurance environments.

Citizenship Requirements

For select roles, due to the nature of our clientele and the technologies involved, there may be specific nationality or citizenship indicated in the required qualifications section. These roles may involve access to sensitive information that is subject to export control regulations or other legal restrictions. In such cases, employment offers will be contingent upon your ability to comply with these requirements.

Compensation

For U.S. Based candidates: To ensure fairness and transparency, the starting base salary range for this role for candidates in the U.S. are listed below, varying based on location experience, skills, and qualifications.

In addition to base salary, this role will also be offered equity and subsidized benefits (details available upon request).

Benefits

• Competitive base salary and equity
• Medical, dental, and vision (subsidized cost)
• Health savings accounts (HSA), flexible spending accounts (FSA), and dependent care FSAs (DCFSA)
• Retirement plan options, including 401(k) and Roth 401(k)
• Unlimited paid time off (PTO)
• 15 paid company holidays per year

#LI-ST1

#LI-Remote

#596