Senior Security Architect

Overview

At Novacore, we’re entering an exciting new chapter. Novacore is the newly formed specialty insurance entity created from the April 2025 sale of NSM Insurance Group’s U.S. commercial division. While we carry forward a 35-year legacy of deep industry expertise, we’re transforming what commercial insurance can be. The name Novacore reflects our ambition — nova for new and brilliant, core for strength and purpose. We’re building something bold and meaningful, and every team member plays a vital role in that mission.

Novacore is a leading specialty insurer and MGA platform backed by New Mountain Capital. We are transforming underwriting and risk selection with proprietary data, differentiated AI capabilities, and a modern technology stack built for scale. At the heart of this transformation is our mission to build agentic and automation-first solutions that unlock speed, insight, and operational leverage across the entire specialty value chain.

We are seeking a highly skilled and experienced Senior Security Architect with deep expertise in both Cloud Security and Product Security to join our dynamic security team. In this critical role, you will be instrumental in designing, implementing, and maintaining robust security architectures across our cloud-based platforms and product offerings. You will be a key contributor to our security strategy, working closely with engineering, product, and operations teams to embed security into every stage of the development lifecycle, ensuring our services are secure by design.

*We would ideally like for this person to sit at the Conshohocken, PA Home Office but are open to a fully remote candidates.**

Responsibilities

• Architect Secure Cloud Solutions: Design and develop comprehensive security architectures for cloud-native applications and services (e.g., AWS, Azure, GCP), ensuring adherence to industry best practices, regulatory requirements (e.g., SOC 2, HIPAA, GDPR), and internal security policies.
• Product Security Champion: Lead security architecture reviews for new and existing products and features, identifying potential vulnerabilities, recommending appropriate security controls, and guiding engineering teams on secure coding practices.
• Threat Modeling & Risk Assessment: Conduct in-depth threat modeling exercises and risk assessments for cloud environments and product features, proactively identifying and mitigating security risks throughout the SDLC.
• Security by Design & DevSecOps: Collaborate closely with product managers, developers, and DevOps engineers to integrate security considerations early and continuously into the software development lifecycle (SDLC) using a "security by design" and DevSecOps approach.
• Cloud Security Expertise: Provide expert guidance on securing cloud infrastructure, including identity and access management (IAM), network security, data encryption, container security, serverless security, and cloud security posture management (CSPM).
• Automation & Tooling: Drive the adoption of security automation and orchestration tools to enhance the efficiency and effectiveness of security controls in cloud and product environments.
• Incident Response & Remediation: Contribute architectural insights and recommendations to incident response efforts, aiding in the remediation of security incidents related to cloud and product vulnerabilities.
• Security Best Practices & Standards: Research, evaluate, and recommend new security technologies, frameworks, and best practices to continually improve our overall security posture.
• Mentorship & Collaboration: Mentor junior security engineers and foster a culture of security awareness and responsibility across engineering and product teams.
• Documentation: Create and maintain detailed security architecture documentation, security standards, and operational procedures.

Qualifications

• 8+ years of experience in information security, with a significant focus on security architecture.
• 5+ years of experience specifically in Cloud Security, with deep expertise in Microsoft Azure.
• 3+ years of experience in Product Security, Application Security, or Secure SDLC.
• Deep understanding of cloud security principles and hands-on experience with Microsoft Defender, Azure Security Center, Azure Policy, Azure Key Vault, Azure AD and Conditional Access Policies
• Proficiency in threat modeling methodologies (e.g., STRIDE, DREAD) and practical experience applying them to cloud and product architectures.
• Strong knowledge of secure coding principles and common application security vulnerabilities (e.g., OWASP Top 10, CWE).
• Experience with security frameworks such as NIST CSF, ISO 27001, and CIS Benchmarks for Azure.
• Familiarity with containerization technologies (e.g., Docker, AKS) and their associated security challenges.
• Experience with security automation tools and scripting languages (e.g., Azure CLI, Python, PowerShell, ARM templates, Terraform).
• Excellent communication, presentation, and interpersonal skills, with the ability to effectively communicate complex technical concepts to both technical and non-technical audiences.
• Strong analytical and problem-solving skills, with a proactive and innovative approach to security.

Preferred Qualifications

• Bachelor’s degree in computer science, Information Security, or a related field.
• Relevant industry certifications (e.g., CISSP, CCSP, AWS Certified Security – Specialty, Azure Security Engineer Associate, CSSLP, GWEB).
• Prior experience in a fast-paced, agile, product-centric environment.
• Experience with a variety of programming languages (e.g., PowerShell, Python, C#, Go).
• Understanding of data privacy regulations (e.g., GDPR, CCPA, HIPAA) and their architectural implications.
• Experience with Infrastructure as Code (IaC) security best practices and security scanning tools for ARM, Bicep, or Terraform in Azure.
• Demonstrated experience embedding DevSecOps practices within Azure DevOps or GitHub Actions CI/CD pipelines.

Originally posted on Himalayas