HPC Security Architect

HPC Security Architect
Required Qualification (as evidenced by an attached resume)
Bachelor's degree. In lieu of a degree, a combination of directly related full-time experience in cybersecurity, with experience in research computing or large-scale distributed systems totaling nine [9] years may be considered. Five [5] years of experience in cybersecurity, with experience in research computing or large-scale distributed systems. Experience in NIST 800-171, HIPAA, and regulated data environments. Experience with Identity and access management architectures. Experience with Network and system security design. Experience with Linux systems, high-performance networking, and storage architectures. Experience with translating complex regulatory requirements into technical implementations.
Preferred Qualifications:
Advanced degree (foreign equivalent or higher). Experience supporting HPC environments or research infrastructure. Experience in AI/ML security, model governance, and data provenance. Experience with federated identity (InCommon, SAML, OIDC) and research collaboration frameworks. Certified in CISSP, CISM, CCSP, or similar.
Brief Description of Duties:
The HPC Security Architect leads the design, implementation, and governance of security architecture across Stony Brook University's advanced research computing ecosystem, including AMA27, SeaWulf, NVWulf, and ClinWulf. This role establishes a comprehensive, risk-based security framework ensuring compliance with HIPAA, NIST 800-171, NIH GDS, and emerging AI governance standards. The incumbent operates at the intersection of research enablement and enterprise security, partnering with the Division of Information Technology (DoIT), Stony Brook Medicine IT (SBMIT), Research Security, IRB, and faculty to embed secure-by-design principles across compute, storage, data workflows, and collaborative research environments. The HPC Security Architect must have the ability to communicate with others effectively.
HPC Security Architecture & Strategy
Design and maintain a multi-tier security architecture for research computing environments spanning SeaWulf, NVWulf, ClinWulf, and AMA27 (NSF Tier-1 HPC).
Define reference architectures for secure compute, storage (GPFS/Arcastream), and high-speed networking (InfiniBand).
Establish segmentation strategies (network, identity, workload isolation) across research tiers.
Lead adoption of zero trust principles in HPC and research environments.
Align HPC security strategy with institutional and SUNY-wide initiatives (e.g., Empire AI).
Compliance & Regulatory Alignment
Lead implementation of security controls aligned to HIPAA Security Rule, NIST 800-171/CMMC, NIH Genomic Data Sharing (GDS) Policy, and federal export control requirements.
Partner with Research Security, Privacy, IRB, and Legal to define compliant research computing patterns and support Data Use Agreements (DUAs).
Enable secure data acquisition, storage, and sharing workflows.
Develop and maintain System Security Plans (SSPs) and supporting documentation for regulated environments.
Identity, Access, and Data Security
Architect and enforce identity and access management (IAM) integration (e.g., SailPoint, federated access, MFA).
Implement role-based and attribute-based access controls for HPC and research datasets.
Define secure onboarding workflows for faculty, research staff, external collaborators, and federated/national computing environments (e.g., NSF ACCESS, Empire AI).
Oversee data protection strategies, including encryption, key management, and secure data lifecycle controls.
Secure Research Environments & Data Governance
Design and operationalize tiered secure research environments (open, restricted, regulated).
Collaborate with Data Brokerage and Honest Broker services to ensure privacy-preserving data access.
Define secure data pipelines for clinical data (EMR integrations, TriNetX, OnCore/Cerner RPE), genomic and imaging data, and large-scale AI/ML datasets.
Establish controls for secure collaboration and data sharing, including external access frameworks.
Threat Modeling, Risk Management & Incident Response
Conduct threat modeling for HPC and AI workloads, including supply chain and model security risks.
Lead risk assessments for new research initiatives and infrastructure deployments.
Partner with enterprise security teams to integrate HPC into SOC monitoring, vulnerability management, and incident response processes.
Develop playbooks for research-specific incident scenarios (e.g., data exfiltration, misuse of compute resources).
Infrastructure & Platform Security Engineering
Provide security guidance for Linux-based HPC environments, container platforms (Singularity/Apptainer, Kubernetes), and scheduler systems (SLURM).
Define secure configurations for GPU systems, AI pipelines, high-performance storage systems (GPFS), and research cloud integrations (Azure HIPAA environments).
Support high-speed Networking (InfiniBand & Ultra Ethernet) design, including topology and switch configurations.
Familiarity with one or more of Cumulus, Mellanox Onyx, or SONiC NOSes.
Storage design, configuration, and benchmarking experience spanning high-speed flash, spinning disk, and archival solutions.
Training, Outreach & Research Enablement
Develop and deliver security guidance and training tailored to researchers and technical staff.
Serve as a trusted advisor to faculty on secure research design and grant proposals.
Contribute to letters of support and DMSP guidance related to secure computing environments.
Other duties and projects as assigned and appropriate to rank and area mission.
Special Notes:
This is a full-time appointment. FLSA Exempt position, not eligible for the overtime provisions of the FLSA. Minimum salary threshold must be met to maintain FLSA exemption.
For this position, we are unable to sponsor candidates for work visas.
SUNY implemented a hybrid telecommuting pilot program. This position has been approved to participate in the pilot, which allows for up to 5 remote days per pay period.
Resume/CV and cover letter should be included with the online application.
Stony Brook University is committed to excellence in diversity and the creation of an inclusive learning, and working environment. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, familial status, sexual orientation, gender identity or expression, age, disability, genetic information, veteran status and all other protected classes under federal or state laws.
If you need a disability-related accommodation, please call the university Office of Equity and Access (OEA) at or visit OEA.
In accordance with the Title II Crime Awareness and Security Act a copy of our crime statistics can be viewed here.
Visit our WHY WORK HERE page to learn about the total rewards we offer.
Salary: 142,000 - 182,000
To apply, visit https://stonybrooku.taleo.net/careersection/2/jobdetail.ftl?job=2601433&tz=GMT%2B00%3A00&tzname=UTC
jeid-3a6cc2c2fe17ac41b97d36b1baaa96a0