Security Architect - Access & Integration
Wex
About the Team/Role
WEX, Inc. is looking for a Security Architect to act as our primary architectural validator and security gatekeeper for new system development, system integrations, and commercial software acquisition (SaaS and COTS). This individual is responsible for ensuring that all new systems correctly implement established IAM policies, Zero Trust principles, and network segmentation standards while meeting critical regulatory compliance requirements.
We’re the Global Information Security Team at WEX, responsible for implementing and operating security technologies and processes throughout WEX. We partner closely with internal teams and customers to assure WEX operates in a secure and compliant manner. Our team holds itself to a high standard and we collaborate closely with one another to ensure strong, reliable and effective relationships. We own our results and we take pride of ownership in everything we do.
How you'll make an impact
Design Validation & Policy Fit: Conduct technical design reviews for new applications to confirm that proposed authentication, authorization, and data flow mechanisms adhere to the existing IAM Roadmap and security segmentation standards.
Compliance and Data Security Assurance: Review proposed systems and SaaS integrations to ensure data handling and storage locations align with HIPAA/HITRUST, PCI, SOC, and SOX requirements.
Commercial Software Security Review: Serve as the key technical security participant in the commercial software risk review process (SaaS, COTS), conducting deep-dive reviews of vendor SOC 2 reports and technical integration methods.
SME Engagement & Triage: Act as the primary triage point for security architecture questions, recognizing complex identity or network hurdles and efficiently engaging IAM or Network Security SMEs for deep-dive support.
Infrastructure & Segmentation Validation: Review proposed network designs (VNets, subnets, firewalls) to confirm that micro-segmentation intent is correctly captured and traffic paths align with established security policy.
Experience you'll bring
Culturally, you’re:
A collaborative communicator who works well with stakeholders to ensure security is a "day one" consideration in project lifecycles.
A "bridge-builder" who recognizes when a design requires deeper specialization and knows exactly when to pull in other technical subject matter experts (SMEs).
Comfortable balancing the need to move fast with the stringent requirements of a highly regulated financial technology organization.
Customer-focused, ensuring that internal engineering teams have the clear "How-To" guides and checklists they need to succeed.
A leader who drives change through education and architectural fit rather than just checking boxes.
Technically, you:
Are a specialist in authentication and authorization protocols (SAML, OAuth 2.0/OIDC) and their practical application in enterprise environments.
Deliver actionable security guidance and checklists that translate high-level IAM strategy into project-level execution.
Analyze complex data flows to ensure confidentiality and compliance with residency and regulatory standards.
Understand core networking and micro-segmentation concepts within a Zero Trust framework.
Contribute to documented guidelines and best practices for secure application and SaaS integration.
At a minimum, you:
Have 3-5 years of progressive experience in information security, with a focus on IAM, Network Security, or Architecture.
Have 3+ years of experience reviewing system and network architectures for security flaws and policy alignment.
Have a strong, practical understanding of modern Identity Providers (IdP) and Zero Trust access models.
Are able to troubleshoot and validate complex access and segmentation issues within a multi-cloud and hybrid environment.
Have excellent communication skills, with the ability to explain complex security requirements to non-security audiences.
It would be nice if you have:
Security certifications such as CISSP, CCSP, or CISM.
Specific certifications in Identity platforms (e.g., Okta) or Cloud Security.
Experience with Privileged Access Management (PAM) and API Security.
Prior experience contributing to the creation of formal IAM and Zero Trust security standards.