Haystack
← Back to Jobs
Remote
Administrative

Senior Security Architect/Engineer

Dice Talent & Staffing SolutionsDenver, CO🇺🇸United StatesPosted 17 Jul 2026

Quick Overview

Work Type
Remote
Level
Mid Senior

Job Description

NOTE:

  • Must be authorized to work in the United States without current or future employer sponsorship.
  • Must be located in the greater Denver area. This position will work remotely, but there will be occasional days on site in downtown Denver
  • No C2C please

Senior Security Engineer / Architect

Denver, CO | Information Security | Full-Time

About the Role

We are hiring a Senior Security Engineer / Architect to serve as the principal technical authority for information security and the Chief Information Security Officer's most trusted technical partner. Reporting directly to the CISO, this individual translates security strategy into architecture, capability, and operational reality, owning the technical blueprint that protects the organization's most confidential and sensitive information.

This is a high-visibility, high-trust position for a seasoned practitioner ready to operate as the organization's go-to technical expert across detection engineering, incident response, and security architecture. You will shape the technical roadmap, lead engineering execution behind the security strategy, and influence how security investments are used. You will serve as the lead technical voice during incidents, mentor the broader team, and support the CISO in representing security capabilities to clients, regulators, and auditors.

This is the senior-most individual contributor role on the security team. It is a net-new position built around technical strategy and implementation leadership rather than people management, and it carries the influence, autonomy, and expectations that come with that distinction. There is no direct report responsibility, though the role includes program management and mentorship of other engineers and analysts.

Essential Duties and Responsibilities

Security Architecture and Strategy

  • Provide architectural oversight across the security stack, ensuring identity, endpoint, network, data, and cloud controls are designed and implemented coherently and in line with best practices.
  • Own the design, deployment, and continuous improvement of security controls across Microsoft Entra ID, Conditional Access, Azure, and the broader Microsoft Defender suite (Endpoint, Identity, Cloud, Cloud Apps), driving full utilization of licensed protections and staying current with Microsoft's evolving security platform.
  • Serve as the CISO's primary technical advisor on security design, investment, and risk decisions; partner on business case development and contribute to executive presentation of major initiatives.
  • Lead technical evaluation of security technologies, including proof-of-concept design and vendor assessment, developing recommendations that inform decisions on the security stack.
  • Partner with infrastructure, identity, and application teams to embed security into every project lifecycle, leading design reviews, threat modeling, and risk-based recommendations.

Detection and Response Engineering

  • Own the detection engineering lifecycle in the enterprise SIEM platform: develop, tune, and retire analytics rules; build and refine workbooks; curate connectors and data sources for high-fidelity visibility.
  • Design and implement User and Entity Behavior Analytics (UEBA), baselining normal activity for users, service accounts, and entities, and tuning anomaly detections to surface meaningful risk while minimizing analyst fatigue.
  • Set strategy for SIEM log onboarding, parsers, filters, and ingestion pipelines, balancing signal fidelity against cost and aligning telemetry with detection priorities.
  • Build and curate advanced KQL libraries, hunting notebooks, and automations (Logic Apps, playbooks, SOAR-style workflows) that elevate the team's capability and accelerate triage, enrichment, and response.
  • Continuously benchmark detection coverage against current adversary tradecraft.

Threat Hunting and Threat Intelligence

  • Lead a proactive, hypothesis-driven threat hunting program: define methodology, set cadence, and own outcomes across endpoints, identity, email, cloud workloads, and SaaS, leveraging Sentinel, Defender XDR Advanced Hunting, and other tools.
  • Translate industry, sector, and geopolitical threat intelligence into actionable detections, hunts, and architectural improvements.
  • Mature the threat hunting program over time, ensuring documented hypotheses, tracked coverage gaps, and a durable feedback loop into detection engineering and architecture.

Incident Response and Resolution

  • Serve as the lead technical responder during significant security incidents, directing investigation, containment, eradication, and recovery under the CISO's overall incident leadership, partnering with an existing MDR provider and other external resources as appropriate.
  • Lead deep-dive forensic analysis across Microsoft 365, Entra ID, Azure, endpoints, email, and network telemetry; reconstruct attacker activity; produce clear, defensible findings for executive and client audiences.
  • Author and maintain incident response playbooks; co-lead tabletop exercises and after-action reviews; ensure lessons learned become durable engineering and architectural improvements.

Identity, Access, and Data Protection

  • Lead technical execution of the identity security strategy, guiding architectural decisions across Entra ID, including Conditional Access, Privileged Identity Management, Identity Protection, and risk-based authentication, aligned to a Zero Trust strategy.
  • Partner on the design and operation of data protection controls such as Microsoft Purview information protection, DLP, insider risk management, and eDiscovery.
  • Drive secure configuration baselines for Microsoft 365 and Azure workloads, including CIS benchmarks, Microsoft Secure Score, and organization-specific hardening standards.

Program Leadership and Mentorship

  • Serve as the senior technical voice within the security team; mentor analysts and engineers, raise the bar on detection, hunting, and response, and contribute to hiring decisions for the function.
  • Support the CISO in client security reviews, third-party audits, and regulatory inquiries; act as a primary technical voice during high-stakes external engagements.
  • Help shape the organization's security culture through clear, credible communication with non-technical audiences.

Required and Preferred Qualifications

  • Ten or more years of progressive experience in information security, including substantial time as a senior individual contributor in security engineering, detection engineering, or threat analysis roles.
  • Relevant certifications are valued and, in some cases, may substitute for portions of the experience requirements: CISSP, GCIH, GCDA, GCFA, OSCP, and/or Microsoft certifications such as SC-100/200/300 and AZ-500.
  • A documented track record of leading security architecture and detection engineering initiatives end-to-end with measurable improvements to an organization's security posture.
  • Deep, hands-on mastery of the Microsoft enterprise security stack, including Entra ID, Conditional Access, Microsoft 365, Azure, Microsoft Sentinel, and the Microsoft Defender suite.
  • Demonstrated experience setting detection engineering strategy in a modern SIEM, including authoring and tuning high-fidelity analytics rules, implementing and tuning UEBA, and managing log sources and ingestion economics at scale; advanced proficiency with KQL is required.
  • Proven experience serving as the lead technical responder or incident commander on significant security incidents, including investigations spanning cloud identity, email, endpoints, and SaaS.
  • Fluency with adversary tradecraft and frameworks including MITRE ATT&CK, the cyber kill chain, and Zero Trust architectural principles.
  • Recognized strength across core security architecture domains: identity, endpoint, network, email, data protection, and cloud security.
  • Scripting and automation depth in PowerShell and at least one general-purpose language (Python preferred) for detection, enrichment, response, and analytics workflows.
  • Sound judgment, discretion, and the ability to handle highly confidential information with care.
  • Exceptional written and verbal communication skills.
  • Must be based in or willing to relocate to the Denver area; fully remote work is not available, but on-site presence is not required day to day.
  • Must be authorized to work in the United States without current or future employer sponsorship.

Similar jobs