Security Architect; Data

Chief Security Architect (Data)

Onsite 5 days a week in Rochester, NY, the Chief Security Architect (Data) is the senior technical authority responsible for defining and governing the cybersecurity architecture for energy utility data, network, and grid‑adjacent environments, including Advanced Metering Infrastructure (AMI), Distributed Energy Resources (DER), and private utility WANs.

This role requires deep expertise in large‑scale networking (switching, routing, WAN, transport) combined with cybersecurity architecture and risk assessment, with a strong understanding of IT/OT boundaries, grid modernization, and utility operational risk. The position plays a critical role in ensuring secure, resilient, and compliant architectures that support grid reliability, customer data protection, and regulatory expectations.

• Define and maintain the enterprise security architecture for:
• Utility data centers
• Private utility WANs
• AMI head‑end and meter data management systems (MDMS)
• DER and grid‑edge integration platforms
• Establish architectural standards that enforce:
• IT/OT separation
• Secure utility demarcation points
• Controlled ingress/egress between enterprise, AMI, and operational zones

• Lead security architecture reviews for:
• AMI networks (RF mesh, cellular, fiber‑backed aggregation)
• AMI head‑end systems and MDMS platforms
• DER integrations (solar, storage, EV charging, microgrids)
• Ensure secure integration of:
• Third‑party DER aggregators
• Cloud‑hosted AMI and analytics platforms
• Define security controls to mitigate:
• Lateral movement from AMI into enterprise or OT systems
• Unauthorized DER command and control
• Supply‑chain and vendor access risks

• Provide hands‑on architectural leadership for:
• Datacenter switching and routing
• Utility private WAN and carrier connectivity
• Inter‑data‑center and regional transport networks
• Design and review architecture leveraging:
• Cisco Nexus (NX‑OS, EVPN, VXLAN, ACI)
• Nokia (SR OS, IP/MPLS, Service Routers)
• Ciena (optical transport, DCI, coherent optics)
• Embed security into:
• BGP, OSPF, IS‑IS, MPLS, EVPN
• AMI backhaul and aggregation networks
• Utility‑owned and leased transport circuits

• Conduct formal cybersecurity architecture reviews for:
• AMI expansions
• DER onboarding initiatives
• New private and cloud connectivity
• Perform:
• Threat modeling specific to utility attack scenarios
• Attack‑path and lateral movement analysis
• Control effectiveness assessments
• Identify architectural risks related to:
• Improper zone termination
• Inadequate segmentation
• Over‑trust of vendor‑managed systems
• Provide risk‑based remediation guided by operational realities

• Define segmentation strategies aligned to utility environments:
• Enterprise IT
• AMI / Grid Edge
• OT / Control Systems
• Ensure security architectures support:
• Zero Trust principles where applicable
• Strong identity, authentication, and authorization
• Define monitoring and visibility requirements for:
• AMI traffic
• DER command‑and‑control paths
• Inter‑zone communications
• Ensure integration with:
• SIEM
• Network Detection & Response (NDR)
• Flow telemetry (Net Flow, IPFIX)

• Support compliance and audit activities related to:
• Utility cybersecurity regulations and standards
• Internal and external security assessments
• Act as a technical liaison between:
• IT security
• OT engineering
• Grid operations
• Regulatory and compliance teams

• Serve as the senior technical authority for cybersecurity architecture
• Mentor senior architects and engineers across IT, OT, and network domains.
• Influence technology strategy while remaining hands‑on and technically credible.

• 10+ years in networking, infrastructure, and security architecture.
• Deep hands‑on expertise with:
• Cisco Nexus (9K, NX‑OS, EVPN, VXLAN)
• Nokia service routing and IP/MPLS
• Ciena optical and transport networking
• Proven experience designing and securing:
• Utility WANs
• AMI backhaul and aggregation networks
• Multi‑site, high‑availability architectures