Technology Cyber Security Architect

Technology Cyber Security Architect

Cooley is seeking a Cyber Security Architect to join the technology team.

Cooley Technology embraces a culture of customer service excellence, and all members of the department are expected to move this agenda forward. To that end, the Cyber Security Architect will work to maintain and monitor the security practices and systems implemented by the firm. The Cyber Security Architect will proactively identify and mitigate cyber threats to protect our organization's assets with a focus on emerging technologies and artificial intelligence (AI) security.

Working collaboratively with Technology and Innovation teams, the position will design advanced security architecture and threat detection techniques. Specific duties and responsibilities include, but are not limited to, the following:

• Design and maintain enterprise security architecture across on-premises, hybrid, and AI-enabled environments
• Define security standards, patterns, and reference architectures aligned with business objectives and regulatory requirements
• Conduct security architecture reviews for new systems, applications, AI/ML platforms, and major technology changes
• Partner with engineering, infrastructure, Dev Ops, and data teams to embed security, privacy, and governance into system design and delivery
• Design security controls for AI and ML systems, including data pipelines, model training environments, inference platforms, and AI integrations
• Identify and mitigate risks related to AI systems, such as data leakage, model poisoning, prompt injection, and adversarial attacks
• Evaluate and recommend security tools, platforms, and AI-enabled security technologies
• Ensure architectures comply with applicable legal, regulatory, and industry frameworks (e.g., NIST, ISO 27001, SOC 2, GDPR, emerging AI regulations)
• Establish guardrails for responsible and secure use of generative AI and large language models, including access controls, monitoring, logging, and auditability
• Support incident response, forensic investigations, and post-incident architecture improvements
• Provide guidance and mentorship to security engineers and other technical stakeholders
• Communicate architectural decisions and security risks clearly to technical and non-technical audiences, including senior leadership
• Required to participate in a 7x24 on‑call rotation
• All other duties as assigned or required

• After orientation at Cooley LLP, exhibit proficiency in the Microsoft Office suite, iManage and other firm applications
• Ability to work extended and/or weekend hours, as required
• Ability to travel, as required
• 3+ years direct applicable experience (e.g., cybersecurity, infrastructure, or systems architecture). Senior level candidates considered with 5+ years direct applicable experience.
• Strong knowledge of network security, identity and access management (IAM), encryption, and endpoint security
• Ability to translate business requirements into secure technical designs
• Extensive knowledge and experience with the configuration of security controls and secure migration of enterprise applications
• Experience with implementing security tools and architecture such as:
• Access Controls
• Data Loss Prevention (DLP)
• Web Application Firewalls (WAF)
• Secure SDLC and Software Security
• Firewalls
• Anti-malware and anomaly detection controls
• Data encryption in transit and at rest
• Network security
• Monitoring
• Experience with a formal requirements definition

• Bachelor's Degree in Information Technology, Computer Information Systems, Computer Science, Information Security, or related discipline
• Familiarity with security frameworks and best practices (NIST CSF, Mitre ATT&CK, Zero Trust, OWASP, emerging AI regulations)
• Familiarity with common security controls in the enterprise (Firewall, Proxy, AV, SIEM, etc.)
• Experience with incident response procedures
• Working knowledge of securing AI-enabled applications and services, including data access controls, model integration, and API security
• Experience applying existing security frameworks and controls to emerging technologies, including AI and automation platforms
• Extensive knowledge and understanding of security issues, techniques, and implications across multiple computer platforms
• Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams
• Solid knowledge and understanding of security regulations and best practices such as the ISO 27000 family of standards
• Solid knowledge and understanding of systems development life cycle (SDLC)
• Demonstrated experience translating business requirements into architectural deliverables and technical specifications
• Demonstrated experience communicating technical information to business clients and less experienced technologists
• CISSP, CISM or equivalent
• Experience with CI/CD pipelines
• Cloud Architecture and/or Cloud Security Certifications (AWS, Azure, GCP)
• Cloud Security Alliance (CCSP, CCSK) (ISC)2
• Additional…