Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

The IT Secure Infrastructure Engineering (SIE) team is seeking an experienced Security Solution Architect.

 

The individual in this role will be part of the team responsible for BCG's Infrastructure Strategy with a focus on the design, implementation, and optimization of enterprise-grade security and identity solutions across the hybrid and multi-cloud environments.

 

This role primarily focuses on technologies spanning Cloud Security Posture Management (CSPM), Data Security Posture Management (DSPM), Secrets Management, and Data Lost Prevention (DLP)

 

Experience with Cloud IAM, Privileged Access Management (PAM), Identity Governance & Administration (IGA), Authentication (AuthN) & Authorization (AuthZ), Single Sign-On (SSO), MFA, Device Trust, Break-glass, Secret 0, Active Directory Backup & Recovery, Directory Services, and Active Directory Modernization is highly desirable, though not a core requirement. Candidates with these additional competencies will be considered especially strong and may support cross-domain security initiatives.

 

The role requires a strategic thinker who can translate complex business requirements into secure, scalable and resilient security architectures. The successful candidate will act as a technical subject matter expert while effectively engaging with diverse, globally dispersed teams and communicating solutions in clear, business focused language.

What You'll Bring

The ideal candidate will demonstrate appropriate experience in the following:

Hands-on expertise in at least three of the following domains:

o DLP (e.g., Microsoft Purview, Netskope, Symantec)

o CSPM/DSPM (e.g., Wiz, Prisma Cloud, Orca, Dig)

o Secrets Management (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault)

Bonus Experience

o PAM/IGA/SSO/Directory Services (CyberArk, SailPoint, Okta, Ping, Azure AD)

o Device Trust and Conditional Access (Intune, Jamf, BeyondCorp, or similar)

o Cloud IAM (AWS IAM, Azure RBAC, GCP IAM)

o Active Directory or Azure AD modernization initiatives (EntraID)

o AD/EntraID Backup & Recovery (i.e., Commvault, Quest, Semperis)

Has strong practical experience with DevOps tools and methods, like CI/CD, Git, IaC (Terraform)

Working and collaborating with Agile Teams (Squad)

Good understanding of using Jira for story tracking and Confluence for documentation

Strong communication, documentation, and stakeholder engagement skills

High level of initiative, self-motivation, resourcefulness, collaboration and patience

Ability to successfully and effectively manage multiple projects and deliverables

Ability to build trust and work collaboratively with senior leadership and stakeholders

Ability to successfully implement change through relationships built on a local, regional and global level

Minimum of a bachelor's degree in related field or relevant experience/certifications

o Preferred

AWS Certified Solutions Architect, Azure Security Engineer, or GCP Professional Cloud Security EngineerCISSP, CCSP, or equivalent security certification7 Years Experience in security architecture roles

 

Who You'll Work With

You will collaborate with a broad spectrum of stake holders across the organisation, including engineers, developers, managers, and directors within IT. This will involve working closely with the IT teams to align network strategy with business objectives, ensuring that technical solutions and designed and delivered to support growth, resilience, and security. The role requires the ability to bridge technical and non-technical audiences, enabling effective decision-making and fostering strong cross-functional relationships.

Additional info

YOU’RE GOOD AT

 

Architecture and Design

Design and implement data protection and security architectures spanning DLP, CSPM, DSPM, and secrets management.Build integrated backup and recovery strategies for critical cloud workloads and data repositories.Partner with engineering teams to ensure strong alignment of security controls with business objectives and compliance frameworks.Define architectural patterns for secure multi-cloud adoption (AWS, Azure, GCP).

Cloud and Data Security Enablement

Evaluate, select, and implement cloud native and hybrid-party data protection solutions.Integrate DLP and DSPM platforms with identity and access frameworks to achieve holistic protection of data at rest, in motion, and in use.Develop reusable reference architectures and blueprints that embed security by design.Implement automation where possible using Terraform, API integrations, Git Actions and/or Terraform Cloud

Governance and Risk Alignment

Contribute to enterprise security standards and cloud governance models.Conduct architecture reviews and risk assessments for data-centric initiatives.Collaborate with compliance teams to align solutions with NIST, ISO 27001, and SOC 2 frameworks.

Secondary / Bonus Areas (Candidates with experience in these domains may assist adjacent teams or lead targeted projects as part of a broader security transformation program.)

Support identity and access modernization initiatives involving PAM, IGA, SSO, and Directory Services.Contribute to Zero Trust strategy and device trust frameworks.Provide architectural guidance on Cloud IAM and AD modernization to strengthen foundational identity controls.

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.\n
BCG is an E - Verify Employer. Click here for more information on E-Verify.