Staff Software Engineer - Product Security
Date: Apr 24, 2021
Santa Clara, California, United States
CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn or Facebook.
We are looking for a Staff Software Engineer – Product Security to join our Engineering team to lead the design & development of the Cloud security architectures, policies, procedures, methods and tools in the CyberArk SaaS environments. The position will work with Engineering and Product teams to continuously improve the security posture of the services.
The ideal candidate is familiar with information security industry best practices, modern automation tools and Cloud environments. We are looking for someone with a security mindset who "thinks like an attacker".
- Perform risk assessment of proposed and existing system architecture for compliance with security best practices, recommending technical, administrative and physical controls to mitigate identified risks
- Develop service security and compliance requirements for SaaS multi-tenant systems
- Design and develop cloud security architectures and perform architecture design reviews
- Design and develop frameworks and solutions to secure CI/CD pipelines
- Lead compliance efforts based on selected industry frameworks and compliance standards
- Implement, maintain and improve existing industry best practices of operational security controls such as:
  - Identity and access management
  - Encryption and data security
- Provide guidance to R&D and Product Management on defining and prioritizing development of secure SaaS offerings
- Prepare and deliver training and security awareness activities to the Engineering teams
- Acquire relevant knowledge, remain up-to-date, attend security conferences and be involved with the security community
- Drive and lead security processes, tools, methods, and knowledge and security enhancements
- 5+ years of experience with software security (security researcher, security engineer, security architect).
- Bachelor’s Degree in Computer Science or related field, or additional 5+ years of experience
- Experience in:
  - Infrastructure security, security SDLC and secure SaaS practices
  - Risk assessment and management, and threat modeling
  - Security reviews for code/design/architecture and requirements
  - Security compliance and frameworks such as FedRAMP or CSA CCM
  - Hardening procedures
  - Network administration and security
  - Identity management and authentication systems and protocols (Active Directory, LDAP, SAML, RADIUS)
- Strong hands-on experience in:
  - Linux and Windows OS
  - Network architecture and security configurations
- Experience doing architecture and design reviews
- Think like an attacker
- Excellent communication skills
- Strong attention to detail
- Strong understanding of Information Security in various environments
- Demonstrated ability to assume sole and independent responsibilities
- Ability to keep track of numerous detail-intensive, interdependent tasks and ensure their accurate completion
- Experience with FedRAMP certification
- Hands-on experience with AWS security best practices and AWS services
- Security standards and practices (CSA, OWASP, SANS, etc.)
- Security of relational databases (MySQL, MS SQL Server, Oracle)
- Security management certificates (CISSP, CSSLP, CISM, etc.)
- Has presented at security conferences (BlackHat, OWASP, etc.)
CyberArk is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.
Recruiting agencies or vendors without a valid agreement between the parties are not authorized to (a) send CyberArk unsolicited resumes or candidate data or (b) contact CyberArk employees for the purposes of presenting candidates for employment. CyberArk will only work with recruiting agencies who have a valid agreement with CyberArk and that are specifically invited by CyberArk’s recruiting team to assist with searching for and submitting candidates for a specific position. Any unsolicited resumes or other candidate data submitted to CyberArk will not be accepted and shall be considered CyberArk’s property. CyberArk will not pay any placement or other fees of any kind for any unsolicited resumes or candidate data that is submitted in violation of this policy. CyberArk does not accept liability under any legal theory such as course of conduct, oral agreements, implied contracts, or otherwise based on negotiations with a candidate identified from an unsolicited resume or data in violation of this policy.