SonicJobs Logo
Left arrow iconBack to search
  1. Home
  2. 85001, Phoenix, AZ
  3. Senior IT Security Architect

Senior IT Security Architect

Sprouts Farmers Market
Posted 9 days ago, valid for 15 days
Location

Phoenix, AZ 85001, US

Salary

Competitive

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

info
  • The Sr. IT Security Architect position is based in Phoenix, AZ, and requires 10+ years of enterprise security architecture experience, with 3+ years specifically in Azure security architecture.
  • The role involves leading security architecture initiatives, mentoring security engineers, and making architectural decisions that align with compliance regulations like NIST CSF and PCI-DSS.
  • Key responsibilities include designing security architecture for various platforms, authoring reference documents, and ensuring implementable and testable designs.
  • Candidates should possess a Bachelor's degree in a related field and have expert-level experience with security frameworks, identity architecture, and various security tools.
  • The salary for this position is competitive, reflecting the high level of expertise and experience required.
Overview

Please note this position is based in our Phoenix, AZ Support Office.Ā  The Sr. IT Security Architect is the lead technical architect for Sproutsā€™ IT Security program, designing and driving security architecture across the enterprise.

Ā 

The Sr. IT Security Architect mentors security engineers and analysts, leads through influence across infrastructure, network, cloud, and application teams, and carries architectural decisions to the Architecture Review Board (ARB) with a recommended path. The role translates business, compliance, and regulatory requirements into concrete, implementable designs and standards that survive implementation and audit.

Ā 

Sprouts runs an Azure-first cloud stackā€”including Databricks, Synapse/Fabric, and Azure Virtual Desktopā€”alongside store systems, point-of-sale, and payment infrastructure under PCI-DSS. The role requires fluency across both. Architectural decisions align with NIST CSF, ISO 27001, CIS Controls, SOX, PCI-DSS, and applicable privacy regulations.

Ā 

Periodic after-hours or weekend work may be required to support security escalations or major incidents.


Overview of Responsibilities

Essential job functions

Ā· Author reference architecture and design documents across all security domains. Designs must be implementable, testable, and resistant to drift.

Ā· Lead security architecture positions at the Architecture Review Board (ARB). Define and enforce architectural gates for development-to-production progression. Present options, trade-offs, and a recommended path for each decision.

Ā· Lead complex, cross-functional security architecture initiatives of strategic importance to the organization. Advise senior leadership on security matters of significant impact, and provide input to department goals, planning, and budget priorities.

Ā· Design and govern Azure landing zones, managed identity patterns, Key Vault and private-endpoint baselines, CSPM policy, and Terraform/Bicep security guardrails. Lead security architecture for Databricks, Synapse, and Fabric data platforms, including data-lake segmentation and access control.

Ā· Design integration patterns for Microsoft Entra ID and Okta, conditional access, MFA strategy, B2C customer identity, Azure Virtual Desktop access, and BYOD access. Architect CrowdStrike Identity Protection integration with the identity estate.

Ā· Partner with network architecture on segmentation for headquarters and store environments, SASE/CASB/NPA architecture (Netskope), edge protection (Cloudflare), and vendor/BYOD network zones. Drive zero-trust maturity across corporate, retail, and cloud perimeters.

Ā· Set architectural direction for EDR/EPP/IDP (CrowdStrike), endpoint management (Tanium), CASB (Netskope), and email security (Proofpoint). Guide the decommissioning of legacy platforms and the onboarding of replacements.

Ā· Design DLP, data classification (BigID), consent management, and data retention patterns. Govern the security and privacy architecture of AI platforms, vendors, and internal AI tooling, including model-training and data-handling terms.

Ā· Support vendor risk assessments, review SOC 2 Type 2 reports, evaluate vendor SSO/SCIM/RBAC/audit-logging, and author SDLC security standards (secrets management, logging baselines, secure deployment patterns).

Ā· Design security architecture for store systems, point-of-sale, handheld devices, and third-party store integrations. Ensure PCI-DSS alignment across applicable environments.

Ā· Draft and maintain architectural standards and patterns: naming conventions, IaC security patterns, API gateway baselines, cloud tagging, and logging/compliance defaults.

Ā· Map architectural initiatives to NIST CSF (Govern, Identify, Protect, Detect, Respond, Recover), CIS Controls, SOX, and PCI-DSS, borrowing from ISO 27001 and other best practices where applicable. Contribute to security policies and standards.

Ā· Provide guidance, coaching, and training in security architecture across the Company within area of expertise ā€” to security engineers and analysts as well as partners in infrastructure, network, cloud, and application teams.

Ā· Participate in root cause analysis and architectural remediation for incidents, breaches, and HR/Legal investigations. Translate lessons learned into architectural changes.

Ā· Comply with and contribute to change control, development lifecycle, and release management policies. Ensure architectural changes are represented at CAB and documented appropriately.

Ā 


Qualifications

Knowledge Skills & Abilities

Ā· Bachelorā€™s degree in Computer Science, Information Technology, Engineering, or equivalent experience in a related discipline.

Ā· 10+ years of enterprise security architecture experience spanning cloud, identity, network, endpoint, application, and data security.

Ā· 3+ years of hands-on Azure security architecture: landing zones, Key Vault, managed identity, private endpoints, Microsoft Sentinel, and Azure-native data platforms (Databricks, Synapse, Fabric).

Ā· Deep identity architecture experience with core protocols (OAuth/OIDC, SAML, SCIM, federation), conditional access, MFA strategy, and B2C customer identity. Hands-on experience with Microsoft Entra ID and Okta preferred.

Ā· Expert-level experience with EDR/EPP and Identity Protection platforms (CrowdStrike preferred).

Ā· Expert-level experience with enterprise DLP, data classification (e.g., BigID), and CASB/SASE architecture (Netskope preferred).

Ā· Expert-level experience with enterprise email security (Proofpoint preferred) and edge protection (Cloudflare preferred).

Ā· Working experience with Infrastructure-as-Code security: Terraform and/or Bicep, policy-as-code, and CSPM platforms.

Ā· Fluency with security and compliance frameworks: NIST CSF, CIS Controls, PCI-DSS, SOX, and applicable privacy regulations (CCPA).

Ā· Retail, PCI, and store-systems experience strongly preferred (POS, payment, store network, third-party retail integrations).

Ā· CISSP, CCSP, or equivalent security certification required.

Ā· Demonstrated track record of authoring architecture documentation that survives review, implementation, and audit.

Ā· Proficiency with monitoring, logging, change management, and CMDB tooling (ServiceNow experience a plus).



Learn more about this Employer on their Career Site

Apply now in a few quick clicks

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Logo
SonicJobs
Your next career move. Sorted.
Search jobsbackground image

Contact us

Ā© 2017 - 2026 SonicJobs Inc. All rights reserved

Terms & ConditionsĀ |Ā Privacy PolicyĀ |Ā Browse Jobs