Security Architect в IT — рынок СНГ и Европы

Медиана Security Architect — $7140/мес по данным Zorky CRM (11 активных вакансий — узкая senior-ниша). Security Architect — senior-tier роль (typical entry с Senior Security Engineer / Senior Architect 6+ лет). Security Architect — $8000-13000 Senior (премиум над Security Engineer за счёт architecture + strategy уровня). Chief Security Architect / Head of Security Architecture — $12000-20000. Senior в международном enterprise + consulting (Big 4 security practices) — $13000-22000+. Security Architect в банках РФ — $9000-14000+. Премиум-доплаты: Zero Trust architecture experience +15-25%, SABSA / CISSP-ISSAP (architecture concentration) certifications +10-20%, compliance-heavy domain (banking / critical infrastructure 187-ФЗ) +15-25%, cloud security architecture +10-20%.

Security Architect — senior-tier роль («Junior Security Architect» не существует; нижние grade'а = mis-titled — realistic benchmarks смотрите Senior / Lead). Career-flow: два пути входа — 1) Senior Security Engineer (6+ лет — SIEM / IAM / network security operations) + architecture thinking → Security Architect; 2) Solutions / Software Architect + security specialization → Security Architect. Дальше: Senior / Principal Security Architect → либо Chief Security Architect / Head of Security Architecture, либо Enterprise Security Architect (Security domain внутри EA), либо CISO track (Chief Information Security Officer — Security Architect — частый путь к CISO), либо security consulting (Big 4 / specialized).

Москва Senior Security Architect — $8500-13000/мес (банки доминируют — Сбер.Tech / Тинькофф / ВТБ / Газпромбанк / Альфа / Райффайзен — formal security architecture function за счёт regulatory; Russian security vendors — BI.ZONE / Positive Technologies / Лаборатория Касперского — security architecture consulting; госкорпорации — за счёт 187-ФЗ critical infrastructure требований; крупные продуктовые — Яндекс / VK / Ozon / МТС). СПб $8000-12000. Минск/Киев $7000-11000 Senior. Польша €8000-13000 gross Senior. Германия €90-135K/год Senior. 42.9% — удалёнка. Аутсорсеры (EPAM Security Practice / Luxoft Security / Andersen) — $9000-15000 Senior на US / EU security architecture projects. Международный enterprise + security consulting (Big 4 — Deloitte / KPMG / EY / PwC security practices + specialized — Mandiant / NCC Group advisory) — $13000-22000+ Senior. Chief Security Architect / Head of Security Architecture — $14000-22000+. CISO (career destination) — $15000-30000+.

Топ-навыки: aws, azure, go, python, rust. Security architecture frameworks: SABSA (Sherwood Applied Business Security Architecture — главный security architecture framework, business-driven, 6-layer model), TOGAF Security Architecture, NIST Cybersecurity Framework (CSF 2.0 — Identify / Protect / Detect / Respond / Recover + Govern), NIST SP 800-53 (security controls catalog), O-ESA. Zero Trust: NIST SP 800-207 (Zero Trust Architecture — canonical reference), CISA Zero Trust Maturity Model, микросегментация, identity-centric security — главный architecture-тренд 2024-2026. Threat modeling: STRIDE (Microsoft), PASTA (7-stage risk-centric), LINDDUN (privacy), attack trees, MITRE ATT&CK (threat-informed defense), tools — OWASP Threat Dragon / Microsoft Threat Modeling Tool / IriusRisk. Security domains для architecture: IAM architecture (Zero Trust identity), network security architecture (segmentation / SASE), data security architecture (encryption strategy / key management / DLP / classification), application security architecture (secure SDLC design), cloud security architecture (CSPM / CNAPP design), infrastructure security. Risk & compliance: risk assessment methodologies, security control selection, compliance-driven architecture (PCI-DSS / ISO 27001 / SOC 2 / GDPR / 152-ФЗ + 187-ФЗ — проектировать под compliance). Security patterns: secure design patterns, security reference architectures, defense-in-depth design. Cryptography architecture: encryption strategy (at-rest / in-transit / in-use — confidential computing), key management architecture (HSM / KMS / envelope encryption), PKI design, post-quantum cryptography awareness (NIST PQC standards — rising 2026). Modeling: ArchiMate (security overlay), C4 model (security views), data flow diagrams. Broad technical foundation: Security Architect должен понимать systems / networks / cloud / applications достаточно чтобы проектировать security across них. Soft skills: risk communication к business / executives, security-vs-usability trade-off articulation, governance facilitation, stakeholder management.

Security Engineer — operational security: SIEM / EDR operations, incident response, vulnerability management, hands-on security tooling. См. Security Engineer (general). Зарплаты $4500-9500. Security Architect (эта страница) — design-level security: проектирует как безопасность встраивается в системы / enterprise до того как что-то построено — security reference architectures, threat modeling at scale, Zero Trust design, security patterns + standards. Зарплаты $8000-13000 Senior. Solutions Architect — проектирует solutions broadly (security — один аспект, не primary). См. Solutions Architect. Enterprise Architect — org-wide technology landscape (Security Architecture — один из доменов; Enterprise Security Architect = Security domain внутри EA). См. Enterprise Architect. Reality 2026 (overlap heatmap): Security Architect ↔ Security Engineer: 50% (Architect design-focused, Engineer operations-focused — но оба deeply security). Security Architect ↔ Solutions Architect: 40% (Security Architect — security-deep specialization, часто работает с Solutions Architects обеспечивая security в их solutions). Security Architect ↔ Enterprise Architect: 50% (Security Architecture — domain внутри EA framework). Career-flow: два пути в Security Architect — Security Engineer Senior + architecture thinking, ИЛИ Solutions / Software Architect + security specialization. Security Architect → часто → CISO (Chief Information Security Officer — Security Architect — один из главных feeder-ролей для CISO). Career-выбор: Security Engineer if нравится hands-on operations + incident response; Security Architect if нравится design + strategy + threat modeling + проектировать security-by-design; далее CISO if нравится security leadership + business risk + executive level.

Decision tree для security architecture approach 2026: 1) SABSA (Sherwood Applied Business Security Architecture) — главный dedicated security architecture framework. Business-driven (security architecture derives from business requirements + risk), 6-layer model (Contextual / Conceptual / Logical / Physical / Component / Operational — параллель Zachman). Pros: comprehensive, business-aligned, vendor-neutral, SABSA certification recognized. Cons: heavy если применять literally. Use case: dedicated security architecture practice, enterprise context — must-know framework для Security Architect. 2) TOGAF Security Architecture — security integrated в general enterprise architecture (TOGAF не имеет deep security model самостоятельно, но есть security architecture guidance + integration с SABSA — «TOGAF + SABSA» — распространённая комбинация). Use case: organizations использующие TOGAF для EA — security как domain. 3) NIST Cybersecurity Framework (CSF 2.0, 2024) — risk-based, 6 functions (Govern / Identify / Protect / Detect / Respond / Recover). НЕ architecture framework strictly — risk management framework, но widely used для structuring security program. NIST SP 800-53 — detailed security controls catalog (что конкретно внедрять). Use case: structuring security capabilities + controls selection, US-influenced organizations. 4) Zero Trust Architecture (NIST SP 800-207) — главный architecture-тренд 2024-2026. Не framework в смысле SABSA, а architecture model / philosophy: «never trust, always verify», устранение implicit trust based на network location, per-resource access decisions, continuous verification, micro-segmentation, identity-centric. Drivers: remote work (perimeter dissolved), cloud (apps вне datacenter), supply chain attacks, US Executive Order 14028 mandate. CISA Zero Trust Maturity Model — roadmap. Use case 2026: Zero Trust — это то, ЧТО проектирует современный Security Architect (target architecture); SABSA / TOGAF — это КАК (methodology). 5) O-ESA (Open Enterprise Security Architecture), OSA (Open Security Architecture) — alternative / supplementary. Default 2026 рекомендации: знать SABSA (dedicated security architecture framework — methodology + certification value), применять Zero Trust Architecture (NIST SP 800-207 — это target state современной security architecture), использовать NIST CSF для program structuring + SP 800-53 для controls, интегрировать с TOGAF если организация на TOGAF EA. Реальность: «SABSA / TOGAF — methodology, Zero Trust — target architecture, NIST — controls reference». Modern Security Architect балансирует framework rigor с pragmatic Zero Trust transformation.

Да, 42.9% Security Architect-вакансий — full-remote или гибрид. Security architecture work — design + threat modeling + documentation + reviews — технически remote-friendly. Аутсорсеры (EPAM Security Practice / Luxoft / Andersen) — больше remote. Российские банки + госкорпорации — гибрид/офис за счёт regulatory + security clearances (security architecture — sensitive роль, особенно для 187-ФЗ critical infrastructure). Russian security vendors (BI.ZONE / Positive Technologies / Касперский) — гибрид. Международный enterprise + security consulting — гибрид-standard. Caveat: Security Architect — stakeholder-heavy роль (security reviews + threat modeling workshops + risk communication к executives) — гибрид часто optimal. Релокант-хабы: Польша / Германия / Канада / ОАЭ. Английский для international Security Architect-remote — must (security frameworks + standards — NIST / SABSA — англоязычные, executive risk communication на английском).

Security Architect (general) — broad security architecture: проектирует security across всех domains (IAM / network / data / application / cloud / infrastructure). Zero Trust Architect (rising specialty 2024+) — focus специально на Zero Trust transformation: ведёт переход организации от perimeter-based security model к Zero Trust architecture. Day-to-day: 1) Zero Trust maturity assessment (где организация сейчас — CISA Zero Trust Maturity Model — 5 pillars: Identity / Devices / Networks / Applications / Data), 2) Zero Trust roadmap design (incremental — нельзя «включить Zero Trust» за раз), 3) Identity-centric security architecture (identity как primary perimeter — integration IAM / MFA / conditional access), 4) Micro-segmentation strategy (network — Illumio / Cisco / etc), 5) ZTNA / SASE architecture (replace VPN — Zscaler / Cloudflare / Palo Alto Prisma), 6) Device trust + posture, 7) Continuous verification design, 8) Policy engine architecture (centralized access decisions). Drivers: remote work permanence, cloud migration, supply chain attacks, regulatory push (US EO 14028, similar trends elsewhere). Зарплаты: Zero Trust Architect — премиум за rising-demand specialty, сопоставимо / выше general Security Architect. Reality 2026: Zero Trust — не всегда отдельная роль, чаще specialization / focus area внутри Security Architect (как Software Architect делает microservices — это часть работы, не отдельная профессия). Но в крупных организациях в процессе Zero Trust transformation — это может быть dedicated роль на 2-4 года программы. Career-flow: Security Architect + Zero Trust transformation project experience → Zero Trust Architect / Zero Trust transformation lead.

В топе: Сбер.Tech, BI.ZONE, EPAM. Security Architect — роль для security-mature организаций. Российские банки (formal security architecture function — regulatory mandate Central Bank): Сбер.Tech, Тинькофф, ВТБ, Газпромбанк, Альфа-Банк, Райффайзен, Россельхозбанк, МКБ. Russian security vendors (security architecture consulting + product security architecture): BI.ZONE, Positive Technologies, Лаборатория Касперского, Solar (МТС RED), Group-IB / FACCT, Информзащита. Госкорпорации / critical infrastructure (187-ФЗ требования → security architecture mandatory): Ростех / Росатом / РЖД / Газпром / Роснефть / Ростелеком. Телеком: Ростелеком / МТС / МегаФон. Крупные продуктовые: Яндекс / VK / Ozon / Wildberries / X5 Group / МТС. Аутсорсеры (Security Architecture practices): EPAM Security Practice / Luxoft Security / Andersen / DataArt. International security consulting / Big 4 (security architecture practices — premium): Deloitte / KPMG / EY / PwC / Accenture Security. Specialized: Mandiant (Google) / NCC Group / Bishop Fox advisory. International enterprises: банки (JPMorgan / HSBC / Deutsche Bank — большие security architecture teams), любые regulated industries (healthcare / finance / critical infrastructure), tech-companies (security architecture teams в Google / Microsoft / Amazon / etc). Security product vendors: Palo Alto Networks / CrowdStrike / Zscaler / Cloudflare — product security architecture roles.

Roadmap (Security Architect — senior-tier, два пути входа): Путь A (из security): 1) Стать Senior Security Engineer (6+ лет — SIEM / IAM / network security / cloud security operations). 2) Развить architecture thinking — design-level, не только operations. Путь B (из architecture): 1) Стать Solutions / Software Architect. 2) Глубоко специализироваться в security. Общий roadmap: 1) Security fundamentals deep — OWASP Top 10, cryptography (applied), network security, IAM, cloud security — broad foundation across security domains. 2) CISSP (Certified Information Systems Security Professional — ISC² — de-facto senior security cert) → CISSP-ISSAP (Information Systems Security Architecture Professional — architecture concentration — самая релевантная для Security Architect). 3) SABSA certification (SABSA Foundation → Practitioner — dedicated security architecture framework). 4) TOGAF (если работаешь в enterprise architecture context — security как domain). 5) Threat modeling mastery — STRIDE + PASTA + attack trees + MITRE ATT&CK. Practice на real systems. Книга: «Threat Modeling: Designing for Security» Adam Shostack (canonical). 6) Zero Trust deep — NIST SP 800-207 (Zero Trust Architecture) + CISA Zero Trust Maturity Model. Это главный modern security architecture target. 7) NIST frameworks — Cybersecurity Framework (CSF 2.0) + SP 800-53 controls catalog. 8) Security domains breadth — IAM architecture, network security architecture (SASE / segmentation), data security (encryption / key management), cloud security architecture, application security architecture. 9) Compliance-driven architecture — как проектировать под PCI-DSS / ISO 27001 / SOC 2 / GDPR / 152-ФЗ / 187-ФЗ. 10) Cryptography architecture — encryption strategy, key management (HSM / KMS), PKI, post-quantum cryptography awareness (NIST PQC). 11) Risk communication — translate technical risk в business language для executives — критичный skill. 12) Practice — в текущей роли брать security architecture задачи: threat modeling sessions, security design reviews, security reference architecture proposals. Курсы РФ: BI.ZONE Cybersecurity Academy, Positive Technologies Education, Otus security architecture courses, корпоративные security-школы (Сбер / банки растят Security Architects внутри). International (eng): SABSA official training, (ISC)² CISSP / CISSP-ISSAP training, SANS security architecture courses (SEC530 Defensible Security Architecture), «Threat Modeling» Adam Shostack, NIST publications (SP 800-207 Zero Trust + CSF — free), «Zero Trust Networks» Gilman / Barth. Communities: SABSA community, r/cybersecurity, OWASP, security conferences (RSA / BSides — architecture tracks), Telegram @security_architecture_ru. Senior Security Engineer / Architect (6+ лет) + CISSP-ISSAP + SABSA + threat modeling mastery → Security Architect.

11 активных открытых Security Architect-вакансий с явной security-architect-спецификой — узкая senior-ниша. Реальный рынок шире — many security-architecture roles classified как Senior Security Engineer / Solutions Architect (security-focused) / Security Lead. География: 🇵🇱 Польша, EN. Источники: hh.ru (банки + Russian security vendors + госкорпорации active), Habr Career, getmatch, LinkedIn (международный Security Architect сегмент — primary source для architect-уровня), Telegram (@security_architecture_ru, @cybersec_jobs, @security_ru, @architect_jobs), карьерные сайты EPAM Security Practice / Luxoft / Andersen, специализированные борды (cybersecjobs.com / infosec-jobs.com + LinkedIn primary), Russian security vendor careers (bi.zone / ptsecurity.com / kaspersky.com / solar.ru), security consulting careers (Deloitte / KPMG / EY / PwC / Accenture Security practices), RSA Conference / security conferences hiring. Значительная часть Security Architect-вакансий — executive search + internal promotion (организации растят Security Architects из Senior Security Engineers). Время закрытия Senior Security Architect — 8-16 недель (seniority + security depth + architecture skills + extensive vetting за счёт sensitivity роли).

Senior Security Architect владеет полным циклом security architecture + technical leadership. Security architecture frameworks mastery: SABSA (business-driven security architecture — 6-layer model), TOGAF Security Architecture integration, NIST CSF 2.0 + SP 800-53 controls, O-ESA. Zero Trust architecture mastery: NIST SP 800-207 deep, CISA Zero Trust Maturity Model, design Zero Trust transformation roadmaps, identity-centric architecture, micro-segmentation, ZTNA / SASE design. Threat modeling mastery: STRIDE + PASTA + LINDDUN + attack trees + MITRE ATT&CK threat-informed defense — lead threat modeling sessions для complex systems. Security domains breadth + depth: IAM architecture (Zero Trust identity), network security architecture (segmentation / SASE / NDR), data security architecture (encryption strategy / key management / DLP / classification), application security architecture (secure SDLC), cloud security architecture (CSPM / CNAPP), infrastructure security. Cryptography architecture: encryption strategy (at-rest / in-transit / in-use — confidential computing), key management architecture (HSM / KMS / envelope encryption), PKI design, post-quantum cryptography migration planning (NIST PQC standards). Risk & compliance: risk assessment methodologies, security control selection, compliance-driven architecture (PCI-DSS / ISO 27001 / SOC 2 / GDPR / 152-ФЗ / 187-ФЗ), risk quantification. Security patterns: secure design patterns, security reference architecture development, defense-in-depth design, security architecture governance. Broad technical foundation: достаточное понимание systems / networks / cloud / applications / data чтобы проектировать security across них (Security Architect — broad, не deep в одном domain). Architecture modeling: ArchiMate (security overlay), C4 model (security views), data flow diagrams для threat modeling. System design для security: design secure architecture на whiteboard, design Zero Trust transformation, design enterprise security architecture, design secure-by-default platforms. Risk communication — критично: translate technical security risk в business language для executives / board, articulate security-vs-usability-vs-cost trade-offs, security investment business cases. Soft skills: stakeholder management, security architecture governance facilitation (security review boards), influence without authority, mentoring Security Engineers, working с development teams (security-by-design — нужно partnership, не gatekeeping). Английский для Senior+ MUST — security frameworks / standards (NIST / SABSA / ISO) + executive communication англоязычные в international context. Certifications: CISSP / CISSP-ISSAP (architecture concentration), SABSA, TOGAF, cloud security certs. Optional bonus: Zero Trust transformation track record, conference speaking (RSA / security architecture), published security architecture thought leadership — резко повышают market value для Chief Security Architect / CISO track.

Данные собраны автоматически из 1000+ источников — Telegram-каналов вакансий и сайтов работы СНГ и Восточной Европы (HH, Habr Career, Djinni, DOU, NoFluffJobs, JustJoin.it, Pracuj.pl и других). Парсинг работает круглосуточно, дубликаты фильтруются по описанию и URL, аномальные значения зарплат отсекаются. Подробная методология — на странице «Как работает».