Security Architect - Access & Integration

About the Team/Role 
WEX, Inc. is looking for a Security Architect to act as our primary architectural validator and security gatekeeper for new system development, system integrations, and commercial software acquisition SaaS and COTS. This individual is responsible for ensuring that all new systems correctly implement established IAM policies, Zero Trust principles, and network segmentation standards while meeting critical regulatory compliance requirements.
 

We’re the Global Information Security Team at WEX, responsible for implementing and operating security technologies and processes throughout WEX. We partner closely with internal teams and customers to assure WEX operates in a secure and compliant manner. Our team holds itself to a high-standard and we collaborate closely with one another to ensure strong, reliable and effective relationships. We own our results and we take pride of ownership in everything we do.

How you'll make an impact

• Design Validation & Policy Fit: Conduct technical design reviews for new applications to confirm that proposed authentication, authorization, and data flow mechanisms adhere to the existing IAM Roadmap and security segmentation standards.

• Compliance and Data Security Assurance: Review proposed systems and SaaS}$ integrations to ensure data handling and storage locations align with HIPAA/HITRUST, PCI, SOC, and SOX requirements.

• Commercial Software Security Review: Serve as the key technical security participant in the commercial software risk review process (SaaS, COTS), conducting deep-dive reviews of vendor SOC 2 reports and technical integration methods.

• SME Engagement & Triage: Act as the primary triage point for security architecture questions, recognizing complex identity or network hurdles and efficiently engaging IAM} or Network Security SMEs for deep-dive support.

• Infrastructure & Segmentation Validation: Review proposed network designs (VNets, subnets, firewalls) to confirm that micro-segmentation intent is correctly captured and traffic paths align with established security policy.

Experience you'll bring 

Culturally, you’re:

• A collaborative communicator who works well with stakeholders to ensure security is a "day one" consideration in project lifecycles.

• A "bridge-builder" who recognizes when a design requires deeper specialization and knows exactly when to pull in other technical subject matter experts (SMEs).

• Comfortable balancing the need to move fast with the stringent requirements of a highly regulated financial technology organization.

• Customer-focused, ensuring that internal engineering teams have the clear "How-To" guides and checklists they need to succeed.

• A leader who drives change through education and architectural fit rather than just checking boxes.

Technically, you:

• Are a specialist in authentication and authorization protocols (SAML, OAuth 2.0/OIDC) and their practical application in enterprise environments.

• Deliver actionable security guidance and checklists that translate high-level IAM strategy into project-level execution.

• Analyze complex data flows to ensure confidentiality and compliance with residency and regulatory standards.

• Understand core networking and micro-segmentation concepts within a Zero Trust framework.

• Contribute to documented guidelines and best practices for secure application and SaaS integration.

At a minimum, you:

• Have 3-5 years of progressive experience in information security, with a focus on IAM, Network Security, or Architecture.

• Have 3+ years of experience reviewing system and network architectures for security flaws and policy alignment.

• Have a strong, practical understanding of modern Identity Providers (IdP) and Zero Trust access models.

• Are able to troubleshoot and validate complex access and segmentation issues within a multi-cloud and hybrid environment.

• Have excellent communication skills, with the ability to explain complex security requirements to non-security audiences.

It would be nice if you have:

• Security certifications such as CISSP, CCSP, or CISM.

• Specific certifications in Identity platforms (e.g., Okta) or Cloud Security.

• Experience with Privileged Access Management (PAM) and API Security.

• Prior experience contributing to the creation of formal IAM and Zero Trust security standards.

The base pay range represents the anticipated low and high end of the pay range for this position. Actual pay rates will vary and will be based on various factors, such as your qualifications, skills, competencies, and proficiency for the role. Base pay is one component of WEX's total compensation package. Most sales positions are eligible for commission under the terms of an applicable plan. Non-sales roles are typically eligible for a quarterly or annual bonus based on their role and applicable plan. WEX's comprehensive and market competitive benefits are designed to support your personal and professional well-being. Benefits include health, dental and vision insurances, retirement savings plan, paid time off, health savings account, flexible spending accounts, life insurance, disability insurance, tuition reimbursement, and more. For more information, check out the "About Us" section.Pay Range: $109,300.00 - $133,000.00