On-Prem Security Architect

Key Responsibilities

• Design and oversee secure IT/OT network segmentation architectures to ensure isolation of critical production and operational environments.

• Develop and maintain secure configuration standards for Next-Generation Firewalls (NGFW) and enterprise network infrastructure.

• Design ransomware-resilient backup architectures ensuring business continuity and compliance with NIS2 requirements.

• Lead the implementation and standardization of Network Access Control (NAC) solutions across the organization.

• Implement and supervise AI-driven systems for predictive anomaly detection and incident identification within on-premises environments.

• Secure physical compute infrastructure, including GPU clusters and servers used for training and hosting local AI/LLM models.

• Perform threat modeling for on-premises infrastructure and propose appropriate technical security controls and mitigations.

• Collaborate with IT teams to remediate critical vulnerabilities in local systems based on risk analysis and security assessments.

Requirements

• Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related technical discipline.

• Minimum 5 years of experience in a similar cybersecurity or infrastructure security role.

• Advanced expertise in network security technologies, including NGFW platforms such as Palo Alto and Fortinet, as well as secure IT/OT segmentation design.

• Expert-level knowledge of securing Windows and Linux server environments, including protection of legacy infrastructure.

• Hands-on experience implementing and optimizing endpoint protection solutions (EDR/Antivirus) and Network Access Control (NAC) systems.

• Practical understanding of immutable backup architectures and Public Key Infrastructure (PKI) management.

• Knowledge of emerging AI-related threats and security considerations for physical compute infrastructure supporting local LLM environments.

• Strong English communication skills.

Nice to Have

• Industry certifications related to network security, infrastructure security, or cybersecurity architecture.

• Experience working in regulated or critical infrastructure environments.