Principal Security Architect

Boston, MAFull-TimeStaffOther

You will be redirected to the company career page

This is a hands-on leadership role that influences global security architecture, mentors’ engineers, and collaborates with cross-functional teams to protect our digital assets at scale.

Lead the design and evolution of security controls across hybrid cloud and on-prem environments.
Architect and implement network segmentation, next-gen firewall policies, and zero-trust access models.
Define secure connectivity strategies across WAN, remote access, data centers, and cloud networks.

Serve as SME for Palo Alto Networks firewalls, Prisma Access, and Panorama.
Lead security configuration, lifecycle management, and policy enforcement on Cisco security platforms (ASA, ISE, Firepower, Umbrella).
Harden security for multi-cloud platforms (AWS, Azure, GCP) including IAM, VPCs, firewalls, and API security.

Lead threat detection and response for network and infrastructure incidents.
Collaborate with SOC, GRC, and infrastructure teams to close security gaps and maintain compliance.
Continuously improve security monitoring, alerting, and forensics capabilities.

Integrate security into CI/CD pipelines and infrastructure provisioning via Terraform, Ansible, or Python.
Automate security posture checks and drift detection in public cloud and data center environments.
Work with vulnerability management platforms and integrate findings into remediation workflows.

Define security baselines and configuration standards for networking and infrastructure teams.
Ensure compliance with frameworks such as ISO 27001, NIST, CIS, and industry-specific requirements.
Participate in audits, risk assessments, and security reviews for new technologies and vendors.

10+ years of experience in infrastructure or network security, with 3+ years in a principal or lead role.
Deep expertise in Palo Alto Networks products and Cisco security platforms.
Strong understanding of cloud security architecture and native security tools in AWS, Azure, and/or GCP.
Experience securing on-premise and hybrid data centers, including virtualization and SDN technologies.
Proven experience designing and enforcing enterprise security policies across global networks.
Solid knowledge of routing/switching protocols (BGP, OSPF), VPNs, DNS security, and NAC.
Familiarity with SIEM, NDR, and EDR tools for detection and response.
Scripting/automation proficiency (Python, Bash, PowerShell, or IaC tools).

Certifications such as PCNSE, CISSP, CCNP Security, AWS/Azure Security Specialty.
Experience with identity federation (SAML, OAuth), secrets management, and PKI.
Background in segmentation frameworks (e.g., SCADA/ICS, OT security), or data loss prevention (DLP).
Experience in DevSecOps or cloud-native security tooling.
We are an equal-opportunity employer and do not discriminate because of race, color, religion, sex, national origin, ancestry, marital status, veteran status, age, disability, sexual orientation or gender identity or expression or any other legally protected category. InterSystems is an E-Verify Employer in the United States.
InterSystems is providing a current good faith estimate of the anticipated base salary range for this position depending on a variety of factors including experience, education, skills, and performance.
Other compensation may include a discretionary annual variable target incentive.
The company also provides generous employee benefits including:
Medical, vision, and dental insurance
Short-term and long-term disability, and life insurance
401(k) Profit Sharing Contribution
Paid Time Off and Holidays
Parental Leave
Tuition reimbursement