Cloud Security Architect
CyberArk, the global leader in privileged access management, helps organizations transform their business through improved security and reduced risk. As a trusted partner for thousands of companies around the world, CyberArk consistently sets the bar – driving innovation and helping our customers stay one step ahead of attackers.
CyberArk is looking for a Cloud Security Architect to join our Cloud Engineering team to lead the design & development of the Cloud security architectures, policies, procedures, methods and tools in the CyberArk SaaS environments. The Cloud Security Architect will work with Engineering and Product teams to continuously improve the security posture of the services.
The ideal candidate is familiar with information security industry best practices, modern automation tools and Cloud environment. We are looking for someone with a security mindset who "thinks like an attacker".
- Perform risk assessment of proposed and existing system architecture for compliance with security best practices, recommending technical, administrative and physical controls to mitigate identified risks
- Develop service security and compliance requirements for SaaS multi-tenant systems
- Design and develop cloud security architectures and perform architecture design reviews
- Design and develop frameworks and solutions to secure CI/CD pipelines
- Leading compliance efforts based on selected industry frameworks and compliance standards
- Implement, maintain and improve existing industry best practices of operational security controls such as:
- Identity and access management
- Encryption and data security
- Provide guidance to R&D and Product Management on defining and prioritizing development of secure SaaS offerings
- Prepare and deliver training and security awareness activities to the Engineering teams
- Acquire relevant knowledge, remain up to date, attend security conferences and be involved with the security community
- Drive and lead security processes, tools, methods, and knowledge and security enhancements
Nice to have
- 5+ years of experience with software security (security researcher, security engineer, security architect).
- Bachelor’s Degree in Computer Science or related field, or additional 5+ years of experience
- Experience in:
- Infrastructure security, security SDLC and secure SaaS practices
- Risk assessment and management, and threat modeling
- Security reviews for code/design/architecture and requirements
- Security compliance and frameworks such as FedRAMP or CSA CCM
- Hardening procedures
- Network administration and security
- Identity management and authentication systems and protocols (Active Directory, LDAP, SAML, RADIUS)
- Strong hands-on experience in:
- Linux/Unix and Windows OS
- Network architecture and security configurations
- Experience doing code review for configuration management tools and scripting languages
- Think like an attacker
- Excellent communication skills
- Strong attention to detail
- Strong hands-on technical abilities
- Strong computer literacy and/or the comfort, ability and desire to advance technically
- Strong understanding of Information Security in various environments
- Demonstrated ability to assume sole and independent responsibilities
- Ability to keep track of numerous detail-intensive, interdependent tasks and ensure their accurate completion
- Experience with FedRAMP certification
- Hand-on experience with AWS security best practices and AWS services
- Security standards and practices (CSA, OWASP, SANS, etc.)
- Security of relational databases (MySQL, MS SQL Server, Oracle)
- Security management certificates (CISSP, CSSLP, CISM, etc.)
- Has presented at security conferences (BlackHat, OWASP, etc.)
CyberArk is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.
Recruiting agencies or vendors without a valid agreement between the parties are not authorized to (a) send CyberArk unsolicited resumes or candidate data or (b) contact CyberArk employees for the purposes of presenting candidates for employment. CyberArk will only work with recruiting agencies who have a valid agreement with CyberArk and that are specifically invited by CyberArk’s recruiting team to assist with searching for and submitting candidates for a specific position. Any unsolicited resumes or other candidate data submitted to CyberArk will not be accepted and shall be considered CyberArk’s property. CyberArk will not pay any placement or other fees of any kind for any unsolicited resumes or candidate data that is submitted in violation of this policy. CyberArk does not accept liability under any legal theory such as course of conduct, oral agreements, implied contracts, or otherwise based on negotiations with a candidate identified from an unsolicited resume or data in violation of this policy.