Security Solution Architect (Networking, ZTNA)

Top 3 reasons to join us

• Competitive salary package
• Flexible working culture
• Global environment with international project

Job description

We are seeking a hands-on Security Solution Architect to design and lead the implementation of a next-generation Zero Trust XDR + SASE platform. This role requires deep expertise in Zero Trust architecture, network security, and cloud-native platforms, combined with strong coding skills to prototype, integrate, and automate security workflows.

Key Responsibilities

• Design end-to-end Zero Trust Network Access (ZTNA)
• Design SASE overlay networks
• Architect XDR pipelines (log ingestion, detection, automated response)
• Define integration between identity (SSO/MFA), network, application access, and security tooling

Zero Trust Implementation

• Deploy and manage Zerotrust Controllers and Edge Routers
• Implement identity-based service definitions and access policies
• Enforce service cloaking (no inbound exposure)
• Implement mTLS and secure tunnels
• Automate policy provisioning and identity lifecycle management

SASE / Network Layer Implementation

• Deploy SASE control plane and endpoints
• Design WireGuard-based secure overlay networks
• Implement site-to-site and user-to-network connectivity
• Build routing, segmentation, and SASE-lite features

Integration & Platform Engineering

• Integrate Zerotrust, XDR, SASE into a unified security platform
• Design secure end-to-end communication flows
• Build closed-loop security automation: detection → response → enforcement

Coding & Automation (Hands-on)

• Golang (preferred) for networking and security components
• Python for automation, orchestration, and API integration
• Develop policy-as-code frameworks and REST APIs
• Work with SDKs and APIs

Cloud-Native & DevOps

• Deploy and operate components on Kubernetes
• Use  Terraform, and CI/CD pipelines
• Ensure logging, metrics, and tracing for observability

Security & Best Practices

• Enforce Zero Trust principles and least privilege
• Implement micro-segmentation and secure key management
• Ensure end-to-end encryption (mTLS)
• Align with SOC 2, ISO 27001, ISO 42001 and modern security frameworks

Your skills and experience

Required Skills & Experience

• Network security, VPN, WireGuard, TCP/IP
• Zero Trust Architecture (ZTNA)
• OpenZiti or equivalent Zero Trust platforms
• NetBird or WireGuard-based networking
• Kubernetes, Docker, CI/CD pipelines
• XDR/SIEM tools and IAM (SSO, MFA, OIDC)

Nice to Have

• Experience building SASE or Zero Trust platforms
• Service mesh, overlay networks, eBPF
• SOAR, AI/LLM-based security automation

What Success Looks Like

• Production-ready Zero Trust access platform 
• Scalable SASE overlay network
• Integrated detection → response → enforcement pipeline on Kubernetes

Why you'll love working here

What we offer

• Competitive salary package aligned with your experience and market standards
• Performance-based reviews and clear growth opportunities
• A global working environment with exposure to international teams and projects
• Opportunities for personal and professional development, including training and new-skill learning
• Flexible working culture, built on trust and responsibility
• Supportive, open-minded team culture, where your ideas and contributions are valued
• Chances to travel or collaborate across offices, depending on project needs
• And more benefits tailored to help you thrive at Secuwall