ECCO Select is a talent acquisition and consulting company specializing in people, process and technology solutions. We provide the talent behind the technology enabling our clients to achieve their goals. For more information about ECCO Select, visit us at www.eccoselect.com.
Position Title: Principal Cybersecurity Architect – Lab & Customer Infrastructure
Location Information Remote
Position Responsibilities:
As the Principal Cybersecurity Architect for Lab & Customer Infrastructure, you will play a pivotal role in designing, implementing, and governing security across complex, multi-tenant lab environments that support critical customer engagements. You will be hands-on in establishing security controls at the intersection of network security, infrastructure engineering, and customer operations. This environment includes both virtual and physical assets, presenting unique challenges including tenant isolation, secure customer connectivity, supply chain security, and operational resilience during an ever-changing development lifecycle.
Main responsibilities include:
- Multi-Tenant Environment Security & Isolation
- Architect and enforce strict network segmentation between customer lab environments, ensuring complete isolation and preventing both intentional and accidental cross-segment access.
- Define and maintain the network security architecture using VLANs, micro-segmentation, firewall zoning, and inter-VLAN routing controls, embracing a zero-trust security posture for each tenant environment.
- Create and support standards for how new customer environments are provisioned, validated for security, and decommissioned to ensure there are no lingering data or configuration artifacts.
- Lead ongoing isolation assurance efforts, such as conducting scheduled penetration testing, traffic analysis, and configuration audits to continuously validate security boundaries.
- Customer Connectivity & External Access
- Design secure remote connectivity solutions for customers, utilizing advanced options such as Zero Trust Network Access (ZTNA), IPSec/SSL VPNs, and private/dedicated circuits, tailored to customer security requirements.
- Establish robust onboarding processes for external users, including identity verification, access scoping, enforcement of multifactor authentication, and the use of time-bound access windows.
- Develop and operate secure access gateways that log, monitor, and enforce least-privilege rules for all customer sessions, integrating these systems with broader security monitoring and response tools.
You will work collaboratively with infrastructure engineers, operations, and customer teams to ensure secure design patterns are integrated seamlessly with operational practices. You will actively participate in security architecture reviews and be expected to stay current with evolving threat landscapes and compliance requirements pertinent to customer lab environments.
Essential Skills, Experience
- Demonstrated, hands-on experience in security architecture for complex, multi-tenant enterprise or laboratory environments.
- Deep knowledge of network architecture, including network segmentation, VLANs, micro-segmentation, firewall zoning, and inter-VLAN routing.
- Strong expertise in implementing and governing zero-trust models in practical environments.
- Experience designing secure remote access solutions including (but not limited to) Zero Trust Network Access, VPNs (IPSec, SSL), and private/dedicated network circuits.
- Proficiency with identity and access management, multifactor authentication, and least-privilege access enforcement.
- Skilled in performing security assessments: conducting penetration testing, segmentation validation, and traffic analysis.
- Solid understanding of secure provisioning and decommissioning practices to ensure no remnant data or configurations persist.
- Experience leading or participating in security architecture reviews for rapidly evolving environments.
- Excellent communication and documentation skills, with the ability to translate complex security requirements for engineering and customer-facing teams.
- Proactive approach to emerging threats, changes in compliance standards, and new technologies relevant to lab and customer infrastructure.
Qualifications:
- Bachelor’s or Master’s degree in Computer Science, Information Security, Engineering, or a related field (or equivalent work experience).
- Industry certifications such as CISSP, CCSP, or similar are highly desirable.
- Minimum of 7 years’ experience in security architecture or a related security engineering field.
- Prior experience working with customer-facing labs or multi-tenant infrastructure environments is a strong plus.
ECCO Select is committed to hiring and retaining a diverse workforce. Our policy is to provide equal opportunity to all people without regard to race, color, religion, national origin, ancestry, marital status, veteran status, age, disability, pregnancy, genetic information, citizenship status, sex, sexual orientation, gender identity or any other legally protected category. Veterans of our United States Uniformed Services are specifically encouraged to apply for ECCO Select opportunities.
Equal Employment Opportunity is The Law
This Organization Participates in E-Verify

