Cybersecurity Architect

Archer is an aerospace company based in San Jose, California building an all-electric vertical takeoff and landing aircraft with a mission to advance the benefits of sustainable air mobility. We are designing, manufacturing, and operating an all-electric aircraft that can carry four passengers while producing minimal noise.

Our sights are set high and our problems are hard, and we believe that diversity in the workplace is what makes us smarter, drives better insights, and will ultimately lift us all to success. We are dedicated to cultivating an equitable and inclusive environment that embraces our differences, and supports and celebrates all of our team members.

Position Summary
The Cybersecurity Architect is responsible for designing and advancing enterprise security controls across endpoints, mobile device management, identity, and certificate services, as well as supporting the cybersecurity architecture. This role focuses on improving device security posture across corporate and managed environments while helping implement scalable, resilient, and audit-ready security capabilities that support business growth, regulatory obligations, and a distributed workforce. This role partners closely with infrastructure, identity, cloud, networking, compliance, and end user computing teams to define technical standards, implement effective security controls, and reduce enterprise risk. The ideal candidate brings strong architectural and hands-on experience across endpoint hardening, MDM, PKI and certificate lifecycle management, Okta, and compliance-aligned control design, especially in environments subject to CMMC and related regulatory requirements.

Key Responsibilities

• Design and maintain security architecture standards for endpoint, identity, access, device management, and related infrastructure domains.
• Develop and improve device hardening standards across Windows, macOS, and mobile platforms, including secure configuration baselines, vulnerability reduction measures, and ongoing control validation.
• Support the design and administration of mobile device management capabilities, including secure enrollment, policy enforcement, compliance monitoring, application control, and integration with remote workforce security requirements.
• Define endpoint security standards covering operating system hardening, patching, disk encryption, browser security, endpoint protection, local privilege controls, and device health monitoring.
• Design and support enterprise certificate strategy and public key infrastructure practices, including certificate issuance, renewal, revocation, lifecycle governance, and integration with authentication and device trust services.
• Architect and enhance identity and access controls centered on Okta, including authentication flows, conditional access, lifecycle integration, federation, and alignment with Zero Trust principles.
• Translate CMMC and related control requirements into practical technical standards, implementation plans, and architecture recommendations.
• Partner with compliance and audit stakeholders to ensure endpoint, identity, and access controls are documented, testable, and capable of producing evidence.
• Participate in architecture reviews for endpoint, collaboration, identity, and infrastructure initiatives to ensure security requirements are considered early in design and deployment decisions.
• Integrate endpoint telemetry, MDM compliance data, identity signals, and certificate posture into broader monitoring and risk management processes.
• Create and maintain reference architectures, design standards, technical documentation, and implementation guidance for secure endpoint and identity services.
• Collaborate with engineering, infrastructure, and security operations teams to improve control effectiveness and implementation consistency.
• Communicate architectural recommendations, technical risks, and remediation priorities to technical teams and leadership.
• Stay current on emerging threats, hardening techniques, endpoint security tooling, MDM capabilities, certificate-based authentication models, and evolving regulatory expectations.

Required Qualifications

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Engineering, or a related field, or equivalent practical experience.
• 6+ years of experience in cybersecurity engineering, security architecture, endpoint security, infrastructure security, or related disciplines.
• Strong hands-on experience with endpoint hardening for Windows, macOS, and mobile platforms in enterprise environments.
• Experience designing, implementing, or administering MDM or unified endpoint management solutions at scale.
• Knowledge of certificate services, PKI, certificate lifecycle management, and machine or device identity controls.
• Strong experience with Okta, including SSO, MFA, lifecycle management, federation, and policy-based access controls.
• Experience designing or supporting security controls aligned to CMMC, NIST 800-171, and similar regulatory or audit requirements.
• Strong understanding of Zero Trust security principles, especially as applied to endpoint trust, identity assurance, conditional access, and least privilege.
• Experience integrating endpoint security, MDM, identity, and access telemetry into monitoring or incident response workflows.
• Ability to create technical standards, architecture diagrams, design documentation, and implementation guidance.
• Strong written and verbal communication skills, with the ability to explain technical risks and tradeoffs to both technical and non-technical stakeholders.

Preferred Qualifications

• Experience supporting fully remote or distributed workforce environments.
• Experience in regulated industries such as aerospace, defense, manufacturing, healthcare, or financial services.
• Familiarity with Microsoft Intune, Jamf, Kandji, Workspace ONE, or other major device management platforms.
• Experience integrating device trust and certificate-based controls with conditional access and identity platforms.
• Working knowledge of endpoint compliance automation, secure configuration validation, and policy-as-code approaches.
• Experience with EDR, vulnerability management, privileged access management, and secure remote administration controls.
• Professional certifications such as CISSP, CISM, CCSP, or relevant vendor certifications in identity, cloud, or endpoint management.

Success Measures

• Consistent application of hardening standards and device compliance controls across supported platforms.
• Effective certificate and device identity governance with reduced operational disruption and stronger trust controls.
• Strong Okta architecture and access controls that improve user security while supporting business productivity.
• Reliable control implementation and evidence readiness for CMMC and related compliance assessments.
• Clear architecture standards that help teams deploy secure endpoint and identity services more efficiently.
• Improved endpoint security posture and measurable reduction in device-related risk.

Please note that this job description is intended to provide a general overview of the position and does not include an exhaustive list of responsibilities and qualifications

At Archer we aim to attract, retain, and motivate talent that possess the skills and leadership necessary to grow our business. We drive a pay-for-performance culture and reward performance that supports the Company’s business strategy. For this position we are targeting a base pay between $172,800 - $216,00. Actual compensation offered will be determined by factors such as job-related knowledge, skills, and experience.

Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit, qualifications, and business needs. We do not discriminate based upon race, color, religion, sex, sexual orientation, age, national origin, disability status, protected veteran status, gender identity or any other characteristic protected by federal, state or local laws.

Archer is committed to working with and providing reasonable accommodations to job applicants with physical or mental disabilities, and those with sincerely held religious beliefs. Applicants who may require reasonable accommodation for any part of the application or hiring process should provide their name and contact information to Archer’s People Team at people@archer.com. Reasonable accommodations will be determined on a case-by-case basis.

Information collected and processed as part of any job applications you choose to submit is subject to Archer's Candidate Privacy Policy.

Archer is unable to provide work visa sponsorship for this position at the present time.

Archer is proud to be an Equal Opportunity employer committed to diversity and inclusivity in the workplace. All aspects of employment are decided on the basis of merit, qualifications, and business needs. We do not discriminate based upon race, color, religion, sex, sexual orientation, age, national origin, disability status, protected veteran status, gender identity or any other characteristic protected by federal, state or local laws.

Archer Aviation does not engage with external recruiting agencies/individual recruiters with whom it does not have a prior written agreement. Archer reserves the right to make use of any unsolicited resumes that it receives and bears no responsibility for payment of any fees asserted from the use of unsolicited resumes. If you are a recruiting agency or individual recruiter wishing to do business with Archer, please reach out to People@archer.com. All employment processes are managed by the Archer People Team.