Principal Consultant - Cyber Security Architect
Thinkahead
Posted: January 31, 2024
Quick Summary
We are seeking a Principal Consultant in Cyber Security Architecture with expertise in designing and implementing secure digital platforms, leveraging cloud infrastructure, automation, and analytics to drive business transformation.
Job Description
AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation.
At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.
We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.
We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.
The Principal Consultant: Secure Architecture Team Lead is a hands-on delivery leader and team manager who owns AHEAD's Zero Trust consulting capability and contributes technical architecture expertise to adjacent security offerings. This is not a single-domain specialist role. You will lead complex, cross-pillar security assessments and strategy engagements that span Identity, Device, Network, Applications and Workloads, and Data, using frameworks such as the CISA Zero Trust Maturity Model 2.0 to deliver evidence-based evaluations, maturity scoring, gap analysis, and prioritized roadmaps that clients can actually execute.
Beyond delivery, you are the connective tissue between AHEAD's Security practice and the broader organization. You will scope and solution multi-disciplinary engagements, coordinate specialist SMEs from across AHEAD's practices, close business alongside sales, and continuously mature the Zero Trust service portfolio. As AHEAD's service portfolio evolves, this role will also provide technical architecture and standards expertise to adjacent capabilities, including AI Security Governance, where the GRC team needs hands-on security architecture support to translate governance frameworks into implementable controls. You will also directly manage and develop a small team of consultants, setting quality standards and building bench depth in Zero Trust delivery.
This role requires someone who can credibly operate at the executive level with CISOs and CIOs, then turn around and lead a technical workshop on micro-segmentation, identity governance, or data classification with the same fluency. Depth in at least two Zero Trust pillars is expected; working knowledge across all five is required.
Core Responsibilities:
Zero Trust Assessment and Strategy
• Lead Zero Trust maturity assessments from scoping and discovery through current-state analysis, maturity scoring, gap analysis, roadmap development, and executive readout.
• Apply the CISA Zero Trust Maturity Model 2.0 (or comparable frameworks such as NIST SP 800-207, NIST CSF) to evaluate client posture across all five pillars and cross-cutting capabilities (Visibility and Analytics, Automation and Orchestration, Governance).
• Facilitate structured workshops and interviews with client stakeholders spanning identity, device, network, cloud/application, data security, and security operations functions.
• Synthesize complex, multi-domain findings into clear maturity scores, gap narratives, and prioritized initiative backlogs with sequencing logic, dependencies, and risk/impact context.
• Produce executive-ready deliverables: assessment reports, roadmaps, strategy presentations, and decision documentation that hold up to board-level scrutiny.
Cross-Pillar Security Architecture and Solutioning
• Solution and architect engagements that require depth across multiple cybersecurity disciplines, not just one pillar in isolation.
• Bring practical, implementable perspectives to Zero Trust strategy, connecting conceptual frameworks to real technology decisions (e.g., ZTNA/SASE, identity consolidation, micro-segmentation, data classification and protection, endpoint posture, SIEM/SOAR integration).
• Coordinate AHEAD specialist SMEs from Identity, Network Security, Cloud, Data, Cyber Resilience, and other practices to staff and deliver complex engagements that require the breadth of AHEAD's capabilities.
• Translate assessment findings into follow-on implementation opportunities and ensure continuity between advisory and delivery phases.
• Provide technical architecture and standards support for AI Security Governance engagements in partnership with AHEAD's GRC team, bridging the gap between governance policy and implementable security controls for AI systems (e.g., model access controls, data pipeline protections, AI supply chain risk, monitoring and observability for AI workloads).
Team Leadership and Development
• Directly manage and mentor a team of Associate and Senior Associate Technical Consultants within the Secure Architecture practice area.
• Set quality standards for deliverables, methodologies, and client engagement approaches.
• Conduct performance management, provide coaching, and support professional development and career progression for direct reports.
• Build bench depth by developing junior consultants' ability to lead assessment workstreams independently.
Business Development and Presales
• Act as the primary technical resource supporting Zero Trust and cross-pillar security sales pursuits, from initial discovery through proposal delivery and client presentations.
• Scope engagements, develop proposals and service briefs, estimate level of effort, and present to clients alongside sales specialists.
• Participate directly in closing deals, including executive-level client interactions to qualify needs, demonstrate capability, and build trust.
• Identify expansion opportunities within active engagements and translate them into follow-on work.
• Lead client discovery and visioning workshops that surface needs spanning multiple AHEAD practices.
Practice Development and Thought Leadership
• Own and continuously improve AHEAD's Zero Trust assessment methodology, service offerings, templates, and tooling.
• Develop and maintain service briefs, scoping tools, work breakdown structures, and delivery playbooks for Zero Trust and adjacent Secure Architecture engagements.
• Stay current on Zero Trust frameworks (CISA ZTMM, NIST, DoD ZT Reference Architecture), AI security standards (NIST AI RMF, ISO 42001), emerging technologies, and industry trends.
• Contribute thought leadership through internal knowledge sharing, client-facing content, and cross-practice collaboration.
• Identify opportunities to mature and expand the Secure Architecture portfolio, including new service offerings such as AI Security Governance and packaged solutions that leverage the team's cross-pillar expertise.
Required Qualifications:
• Minimum of 10 years of cybersecurity experience, with at least 5 years in a consulting or professional services delivery role.
• Demonstrated depth in at least two CISA Zero Trust pillars (Identity, Devices, Networks, Applications and Workloads, Data) with practical, working knowledge across all five.
• Hands-on experience leading Zero Trust assessments, security architecture reviews, or comparable multi-domain security strategy engagements in client environments.
• Strong understanding of Zero Trust frameworks and reference models: CISA ZTMM 2.0, NIST SP 800-207, or equivalent.
• Proven ability to lead complex, multi-workstream consulting engagements end to end, including scoping, delivery, and closeout.
• Experience managing or mentoring junior consultants and setting quality standards for a delivery team.
• Demonstrated business development capability: scoping, proposal development, client presentations, and direct participation in closing deals.
• Strong executive communication skills: able to whiteboard with engineers and present to CISOs/CIOs with equal confidence.
• Ability to produce high-quality written deliverables: assessment reports, architecture narratives, roadmaps, and executive summaries.
• 3 or more professional and/or technical certifications aligned to cybersecurity (e.g., CISSP, CCSP, CISM, CISA, relevant GIAC certifications, Microsoft Security certifications, cloud security certifications).
Preferred Qualifications:
• Experience with public cloud security architecture across AWS, Azure, and/or GCP.
• Familiarity with identity and access management platforms (Microsoft Entra ID, Active Directory, Okta, CyberArk, SailPoint) at an architectural level.
• Exposure to network security transformation (SASE, ZTNA, micro-segmentation) concepts and implementations.
• Experience with data security and classification technologies and frameworks.
• Background in security operations, SIEM/SOAR, or detection and response at a strategy or architecture level.
• Scripting or automation exposure (PowerShell, Python) to support analysis, reporting, or integration tasks.
• Prior experience at a consulting firm, systems integrator, or managed services provider.
• Advanced degree in cybersecurity, information technology, or related field.
• Familiarity with AI security risks and governance frameworks (e.g., NIST AI RMF, ISO 42001) and the ability to translate governance requirements into technical architecture decisions, security controls, and standards for AI/ML systems.
• Understanding of the Secure Software Development Lifecycle (SSDLC) end to end, from requirements and threat modeling through design, development, testing, deployment, and operations.
• Experience with Application Security Testing (AST) methodologies and tooling, including SAST, DAST, SCA, and IAST, and how they integrate into CI/CD pipelines.
• Familiarity with secure coding standards, code review practices, and developer-facing security guidance.
• Knowledge of application security controls such as input validation, authentication/authorization patterns, secrets management, API security, and secure configuration management.
• Ability to assess and advise on software supply chain security risks, including dependency management, SBOM generation, and artifact integrity.
• Understanding of how SSDLC practices connect to broader Zero Trust and governance objectives, particularly around workload identity, runtime protection, and continuous verification.
What Success Looks Like:
• Zero Trust assessments are delivered on time, on budget, and produce roadmaps that clients fund and execute, creating follow-on pipeline for AHEAD.
• Complex, multi-pillar engagements are scoped accurately, staffed effectively by coordinating across AHEAD practices, and delivered with consistent quality.
• The Zero Trust team grows in capability: junior consultants develop into independent workstream leads under your mentorship.
• Business development efforts directly contribute to wins, with your involvement in scoping, solutioning, and closing recognized as a differentiator.
• AHEAD's Secure Architecture service portfolio matures continuously with improved methodology, tooling, and repeatable delivery patterns.
• AI Security Governance engagements benefit from your architecture expertise, with GRC-led initiatives producing technically sound, implementable controls rather than paper-only governance.
Clients view you as a trusted advisor who connects strategic recommendations to practical, achievable outcomes.
The compensation range indicated in this posting reflects the On-Target Earnings (“OTE”) for this role, which includes a base salary and any applicable target bonus amount. This OTE range may vary based on the candidate’s relevant experience, qualifications, and geographic location.
Why AHEAD:
Through our daily work and internal groups like Moving Women AHEAD and RISE AHEAD, we value and benefit from diversity of people, ideas, experience, and everything in between.
We fuel growth by stacking our office with top-notch technologies in a multi-million-dollar lab, by encouraging cross-department training and development, and by sponsoring certifications and credentials for continued learning.
USA Employment Benefits include:
- Medical, Dental, and Vision Insurance
- 401(k)
- Paid company holidays
- Paid time off
- Paid parental and caregiver leave
- Plus more! See https://www.aheadbenefits.com/ for additional details.
Use of AI:
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, assessing responses, or to capture recordings and create transcriptions or summaries during interviews. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans.
If you would like more information about how your data is processed, please refer to the Candidate Privacy Notice or contact us at [email protected].
You may opt out of the review or analysis of your application and resume by AI tools by using the General Application. Please include the role you wish to apply for in the Additional Information field. You may also choose to opt out of recording and transcription at any time, including after joining an interview. Candidates will not be penalized for choosing to opt out.