Security Architect & SOC Operations
Location: Puerto Rico, USA
Business Unit: Cencora Puerto Rico – Data Analytics Services & Solutions
Reports To: Director – Site Reliability Engineering (SRE) Shared Services
Role Type: Individual Contributor – Senior Technical Specialist
Job Type: Full-Time
About Cencora
Cencora (formerly AmerisourceBergen) is a global healthcare leader committed to improving lives by advancing the development and delivery of pharmaceutical and healthcare products. Our Data Services & Solutions organization powers Cencora’s digital transformation by building secure, reliable, and data-driven platforms that enable analytics, AI, and supply chain intelligence across the global healthcare ecosystem.
Position Summary
The Security Architect & SOC Operations role is a senior information‑security professional responsible for defining, implementing, and operating Cencora’s security architecture and 24×7 Security Operations Center (SOC) capabilities for the Data Services & Solutions organization. The role encompasses ownership of security controls design, threat monitoring, incident response, and the implementation of preventive and detective measures to mitigate the OWASP Top 10 vulnerabilities and other emerging cyber threats.
Primary Responsibilities
Security Architecture & Governance
- Design and maintain the security architecture for data analytics, compute, and network environments across hybrid (on‑premises and cloud) deployments.
- Define and enforce security baselines, reference architectures, and configuration standards aligned to SOC 2, ISO 27001, NIST 800‑53, and CIS benchmarks.
- Conduct threat modeling and risk assessments to identify vulnerabilities in applications, networks, and infrastructure.
- Ensure mitigation of OWASP Top 10 risks through secure‑coding guidelines and continuous security testing.
- Partner with architecture and engineering teams to embed security‑by‑design principles into solutions from concept through deployment.
Security Operations Center (SOC) Management
- Operate and continuously improve Cencora’s security monitoring and incident‑response capabilities.
- Maintain and tune SIEM platforms (Splunk, Azure Sentinel, or equivalent) for real‑time threat detection and correlation.
- Define SOC processes for alert triage, escalation, and resolution to meet MTTD and MTTR targets.
- Coordinate security incident response activities, including root‑cause analysis (RCA), containment, eradication, and recovery.
- Produce post‑incident reports and recommendations to prevent recurrence.
Vulnerability & Threat Management
- Lead regular vulnerability scans, penetration tests, and red‑team exercises to validate defensive controls.
- Prioritize and remediate findings based on risk and business impact.
- Maintain patch management and configuration compliance across compute, network, and application assets.
- Integrate threat intelligence feeds and automate response through SOAR platforms.
- Collaborate with Observability and Telemetry engineers to detect and contain security events proactively.
Identity, Access & Data Protection
- Implement IAM – RBAC and ABAC models for data analytics and infrastructure services.
- Manage integration with IAM, MFA, and federated identity providers (Azure AD, Okta, Ping).
- Oversee encryption standards for data at rest and in transit (TLS 1.2+, AES‑256, and KMS solutions).
- Define data classification, retention, and privacy policies to ensure compliance with HIPAA and GDPR.
Audit, Compliance & Reporting
- Maintain audit‑ready documentation supporting SOC 2 Type I & II and ISO 27001 controls and ensure continuous control evidence collection through automation.
- Partner with internal and external auditors to facilitate collection of evidence and gap remediation.
- Generate metrics and dashboards for executive visibility into security posture and incident response KPIs.
- Ensure continuous compliance through automated policy checks and change management reviews.
Collaboration & Cross‑Functional Coordination
- Work closely with SRE and Network Engineering to design secure, compliant and high‑availability architectures.
- Partner with Data Operations and Analytics teams to secure data pipelines, APIs, and integration points.
- Collaborate with Platform and DevOps teams to embed security controls in CI/CD pipelines and infrastructure‑as‑code.
- Support and lead security incident war‑rooms and joint RCA sessions with Observability and Telemetry engineers.
Measurable Outcomes & Success Metrics
- ≥99.9% security platform uptime and continuous monitoring coverage.
- MTTD < 5 minutes and MTTR < 30 minutes for security incidents.
- 100% completion of SOC 2 Type I & II and ISO 27001 audits with no major non‑conformities.
- ≥95% critical vulnerability remediation within defined SLOs.
- Zero critical data breaches or compliance violations annually.
- Continuous reduction in false‑positive alerts and mean alert‑handling time.
- 100% adherence to patch and configuration management standards.
Qualifications & Technical Competencies
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Engineering, Computer Science, or related field.
- 8+ years of experience in information security architecture and SOC operations within enterprise or hybrid cloud environments.
- Deep understanding of network, application, and cloud security architectures.
- Hands‑on experience with SIEM, SOAR, and EDR tools (Splunk, Sentinel, CrowdStrike, Microsoft Defender, Palo Alto Cortex XSOAR).
- Expertise in OWASP Top 10 mitigation, vulnerability scanning tools (Tenable, Qualys, Nessus), and threat intelligence platforms.
- Knowledge of firewalls, WAFs, and network security devices (Palo Alto, Cisco, Fortinet).
- Proficiency in security automation using Python, PowerShell, or Bash.
- Strong grasp of SOC process frameworks, SIEM rule development, and incident response runbooks.
- Experience in implementing Zero‑Trust security architectures and data loss prevention (DLP) solutions.
- Familiarity with compliance frameworks (SOC 2, ISO 27001, NIST, HIPAA, GDPR).
- Excellent communication and documentation skills for executive and technical audiences.
Preferred Certifications
- Certified Information Systems Security Professional (CISSP).
- Certified Cloud Security Professional (CCSP).
- GIAC Security Operations Certified (GSOC) or GIAC Incident Handler (GCIH).
- Microsoft Cybersecurity Architect Expert or Azure Security Engineer Associate.
- ISO/IEC 27001 Lead Implementer or Lead Auditor.
- Palo Alto Networks Certified Network Security Engineer (PCNSE) preferred.
Language Requirements
Full fluency in English is a must (writing, reading, listening, and speaking). Bilingual (English & Spanish) is preferred.
Strategic Impact
The Security Architect & SOC Operations role is instrumental in ensuring that Cencora’s data analytics ecosystem remains secure, compliant, and trusted by both upstream manufacturers and downstream healthcare partners.
Through robust security design, proactive threat management, and rapid incident response, this role safeguards the confidentiality of sensitive data while enabling continuous availability of critical supply‑chain analytics services that directly support Cencora’s mission to advance global healthcare delivery.
Our Commitment
We are united in our responsibility to create healthier futures and value diversity in all its forms. We believe innovation thrives through collaboration, diverse perspectives, and a shared purpose to create healthier futures worldwide.
Equal Employment Opportunity
Cencora is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.
Harassment is prohibited, and all matters related to recruiting, training, compensation, benefits, promotions and transfers comply with equal opportunity principles and are non‑discriminatory.
Cencora is committed to providing reasonable accommodation to individuals with disabilities during the employment process, which is consistent with legal requirements. If you wish to request accommodation while seeking employment, please call 888.692.2272 or email hrsc@cencora.com. Determinations will be made on a request‑by‑request basis.
Messages and emails regarding anything other than accommodations requests will not be returned.