Security Architect
About the Role
We are seeking a hands-on Firewall Security Architect to design, implement, and operate Armada’s firewall and network security platforms across core, edge, and distributed environments. This role owns firewall architecture, policy design, segmentation, and deep technical troubleshooting for high-risk and high-performance environments, including GPU-accelerated workloads.
This role combines architecture ownership with hands-on implementation. The Firewall Security Architect will actively design firewall topologies, build and validate rulesets, troubleshoot complex traffic flows, and partner with engineering teams to secure production systems at scale.
Location. US remote
What You'll Do (Key Responsibilities)
Firewall Architecture
Design, deploy, and operate next-generation firewall architectures across:
Core and regional data centers
Edge and modular deployments
GPU and high-value compute environments
Build and maintainfirewall topologies including:
Centralized and distributed firewall models
Inline, routed, and transparent firewall deployments
Active/active and active/passive HA designs
Perform hands-on configuration of:
Firewall interfaces, zones, and virtual systems / VDOMs
Routing integration and asymmetric traffic handling
High-availability, failover, and state synchronization
Validate firewall designs through testing, failover simulation, and performance benchmarking.
Firewall Policy, Segmentation & Traffic Control
Design, implement, and maintainfirewall policy frameworks:
Implement segmentation strategies to isolate:
Actively manage and review firewall policies to prevent:
Perform traffic flow analysis and packet-level validation to confirm enforcement.
Advanced Traffic Inspection & Troubleshooting
Perform deep technical troubleshooting
Diagnose and resolve:
Asymmetric routing and return-path issues
MTU, fragmentation, and TCP performance problems
East–west traffic inspection challenges
Troubleshoot performance impacts related to:
High-throughput GPU traffic
Microbursts and congestion
Tune firewall performance to balance security, latency, and throughput.
Zero Trust & Secure Access Enforcement
Implement Zero Trust concepts directly in firewall policy and architecture.
Enforce strong trust boundaries between:
Users, services, and platforms
Internal zones and external access paths
Integrate firewall enforcement with identity and access models where applicable.
Design secure remote access, VPN, and private connectivity solutions.
GPU & High-Performance Environment Security
Design and secure firewall architectures for GPU clusters and accelerated workloads.
Protect high-value compute and data paths without degrading performance.
Implement inspection strategies appropriate for high-bandwidth east–west traffic.
Partner with compute and platform teams during:
GPU cluster bring-up
Expansion and scaling
Performance troubleshooting
Operational Support & Escalation (L3/L4)
Serve as the highest technical escalation point for firewall-related incidents.
Support major incidents by:
Performing live troubleshooting
Validating traffic paths and policy behavior
Drive root cause analysis and implement permanent corrective actions.
Support change planning, maintenance windows, and post-change validation.
Tooling, Automation & Standards
Build and maintainfirewall templates, standards, and reusable configurations.
Automate firewall deployments, policy validation, and audits where possible.
Define logging, telemetry, and visibility requirements for firewall platforms.
Continuously improve firewall reliability, security posture, and operational efficiency.
What Success Looks Like
Firewall architectures are secure, performant, and resilient in production.
Segmentation is consistently enforced with minimal exceptions.
GPU and high-value environments remain protected without performance degradation.
Firewall-related incidents are resolved quickly with clear root cause.
Policy changes are predictable, auditable, and low-risk.
Engineering teams trust firewall platforms instead of working around them.
Required Qualifications:
US Citizenship
10+ years experience in firewall, network security, or security engineering roles.
Hands-on expertise with next-generation firewall platforms.
Proven experience designing and operating:
Complex firewallrulebases
HA and large-scale firewall environments
Strong understanding of:
TCP/IP, routing, and traffic flows
East–west and north–south security models
Zero Trust and least-privilege enforcement
Demonstrated ability to troubleshoot production incidents at packet level.
Strong documentation and communication skills.
Preferred Qualifications:
Experience securing GPU, AI/ML, or high-performance compute environments.
Expertise with platforms such as Fortinet, Palo Alto, Juniper SRX, or similar.
Certifications such as PCNSE, NSE 7, CCIE Security, or equivalent experience.
Automation or scripting experience (Python, Ansible, APIs).
Experience in regulated or high-assurance environments.
Citizenship Requirements
For select roles, due to the nature of our clientele and the technologies involved, there may be specific nationality or citizenship indicated in the required qualifications section. These roles may involve access to sensitive information that is subject to export control regulations or other legal restrictions. In such cases, employment offers will be contingent upon your ability to comply with these requirements.
Compensation
For U.S. Based candidates: To ensure fairness and transparency, the starting base salary range for this role for candidates in the U.S. are listed below, varying based on location experience, skills, and qualifications.
In addition to base salary, this role will also be offered equity and subsidized benefits (details available upon request).
Benefits
Competitive base salary and equity
Medical, dental, and vision (subsidized cost)
Health savings accounts (HSA), flexible spending accounts (FSA), and dependent care FSAs (DCFSA)
Retirement plan options, including 401(k) and Roth 401(k)
Unlimited paid time off (PTO)
15 paid company holidays per year
#LI-ST1
#LI-Remote
#596
Compensation
$137,040—$171,300 USD
About the job
Apply for this position
Security Architect
About the Role
We are seeking a hands-on Firewall Security Architect to design, implement, and operate Armada’s firewall and network security platforms across core, edge, and distributed environments. This role owns firewall architecture, policy design, segmentation, and deep technical troubleshooting for high-risk and high-performance environments, including GPU-accelerated workloads.
This role combines architecture ownership with hands-on implementation. The Firewall Security Architect will actively design firewall topologies, build and validate rulesets, troubleshoot complex traffic flows, and partner with engineering teams to secure production systems at scale.
Location. US remote
What You'll Do (Key Responsibilities)
Firewall Architecture
Design, deploy, and operate next-generation firewall architectures across:
Core and regional data centers
Edge and modular deployments
GPU and high-value compute environments
Build and maintainfirewall topologies including:
Centralized and distributed firewall models
Inline, routed, and transparent firewall deployments
Active/active and active/passive HA designs
Perform hands-on configuration of:
Firewall interfaces, zones, and virtual systems / VDOMs
Routing integration and asymmetric traffic handling
High-availability, failover, and state synchronization
Validate firewall designs through testing, failover simulation, and performance benchmarking.
Firewall Policy, Segmentation & Traffic Control
Design, implement, and maintainfirewall policy frameworks:
Implement segmentation strategies to isolate:
Actively manage and review firewall policies to prevent:
Perform traffic flow analysis and packet-level validation to confirm enforcement.
Advanced Traffic Inspection & Troubleshooting
Perform deep technical troubleshooting
Diagnose and resolve:
Asymmetric routing and return-path issues
MTU, fragmentation, and TCP performance problems
East–west traffic inspection challenges
Troubleshoot performance impacts related to:
High-throughput GPU traffic
Microbursts and congestion
Tune firewall performance to balance security, latency, and throughput.
Zero Trust & Secure Access Enforcement
Implement Zero Trust concepts directly in firewall policy and architecture.
Enforce strong trust boundaries between:
Users, services, and platforms
Internal zones and external access paths
Integrate firewall enforcement with identity and access models where applicable.
Design secure remote access, VPN, and private connectivity solutions.
GPU & High-Performance Environment Security
Design and secure firewall architectures for GPU clusters and accelerated workloads.
Protect high-value compute and data paths without degrading performance.
Implement inspection strategies appropriate for high-bandwidth east–west traffic.
Partner with compute and platform teams during:
GPU cluster bring-up
Expansion and scaling
Performance troubleshooting
Operational Support & Escalation (L3/L4)
Serve as the highest technical escalation point for firewall-related incidents.
Support major incidents by:
Performing live troubleshooting
Validating traffic paths and policy behavior
Drive root cause analysis and implement permanent corrective actions.
Support change planning, maintenance windows, and post-change validation.
Tooling, Automation & Standards
Build and maintainfirewall templates, standards, and reusable configurations.
Automate firewall deployments, policy validation, and audits where possible.
Define logging, telemetry, and visibility requirements for firewall platforms.
Continuously improve firewall reliability, security posture, and operational efficiency.
What Success Looks Like
Firewall architectures are secure, performant, and resilient in production.
Segmentation is consistently enforced with minimal exceptions.
GPU and high-value environments remain protected without performance degradation.
Firewall-related incidents are resolved quickly with clear root cause.
Policy changes are predictable, auditable, and low-risk.
Engineering teams trust firewall platforms instead of working around them.
Required Qualifications:
US Citizenship
10+ years experience in firewall, network security, or security engineering roles.
Hands-on expertise with next-generation firewall platforms.
Proven experience designing and operating:
Complex firewallrulebases
HA and large-scale firewall environments
Strong understanding of:
TCP/IP, routing, and traffic flows
East–west and north–south security models
Zero Trust and least-privilege enforcement
Demonstrated ability to troubleshoot production incidents at packet level.
Strong documentation and communication skills.
Preferred Qualifications:
Experience securing GPU, AI/ML, or high-performance compute environments.
Expertise with platforms such as Fortinet, Palo Alto, Juniper SRX, or similar.
Certifications such as PCNSE, NSE 7, CCIE Security, or equivalent experience.
Automation or scripting experience (Python, Ansible, APIs).
Experience in regulated or high-assurance environments.
Citizenship Requirements
For select roles, due to the nature of our clientele and the technologies involved, there may be specific nationality or citizenship indicated in the required qualifications section. These roles may involve access to sensitive information that is subject to export control regulations or other legal restrictions. In such cases, employment offers will be contingent upon your ability to comply with these requirements.
Compensation
For U.S. Based candidates: To ensure fairness and transparency, the starting base salary range for this role for candidates in the U.S. are listed below, varying based on location experience, skills, and qualifications.
In addition to base salary, this role will also be offered equity and subsidized benefits (details available upon request).
Benefits
Competitive base salary and equity
Medical, dental, and vision (subsidized cost)
Health savings accounts (HSA), flexible spending accounts (FSA), and dependent care FSAs (DCFSA)
Retirement plan options, including 401(k) and Roth 401(k)
Unlimited paid time off (PTO)
15 paid company holidays per year
#LI-ST1
#LI-Remote
#596
Compensation
$137,040—$171,300 USD