Information Security Architect

Please Note: This is a Utah-based hybrid position which will require some regular in-office days each week. Additionally, employment with BambooHR is contingent on passing both a background and credit check. 

AI at BambooHR
At BambooHR, we’re all about setting people free to do great work, and we believe AI is a powerful partner in that mission. We’re leaning into intelligent tools to streamline our workflows, giving us more time for high-impact innovation. We look for curious, forward-thinking people who are ready to explore how AI can elevate their work and help us reimagine the future of HR.

Essential Job Duties

The Information Security Architect will lead hands-on security architecture design across BambooHR’s cloud environment and corporate information systems, partnering with engineering, IT, and security teams to embed security into platforms, processes, and day-to-day technology decisions. A typical day includes leading architecture and design reviews, defining secure cloud and corporate security patterns, advising on identity and data protection strategies, and guiding teams through complex security tradeoffs to enable secure, scalable delivery.

The Information Security Architect will own outcomes across cloud and corporate security architecture, delivering scalable designs, standards, and measurable risk reduction. This role operates with a high degree of autonomy and influence, partnering across engineering, IT, product, and security to embed security into how BambooHR designs, builds, and operates.

You will:

• Lead the design and evolution of security architecture across cloud infrastructure, SaaS platforms, and corporate information systems, ensuring solutions are secure-by-design, scalable, and operationally sustainable.
• Own and maintain security architecture standards, reference architectures, and secure design patterns spanning identity and access management, data protection, logging/telemetry, endpoint security, and third-party integrations.
• Conduct and lead security architecture reviews for new systems, material changes, vendor tools, and integrations; document decisions, required control outcomes, and implementation guidance that teams can execute.