Security Architect

About CyberArk:
CyberArk (NASDAQ: CYBR), is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit our CyberArk blogs or follow us on X, LinkedIn or Facebook.

We are looking for a Cloud Security Architect to lead the design and development of security architecture, policies, and tools across our SaaS environments. The Cloud Security Architect will work with several Engineering and Product teams building our modern identity governance platform to continuously improve our security posture.

The ideal candidate is familiar with information security industry best practices, modern automation tools and Cloud environment. We are looking for someone with a security mindset who "thinks like an attacker". You will spend part of your time “hands on” creating and deploying systems to ensure we maintain a best-in-class security posture, and part of your time planning, reviewing and evaluating how to meet upcoming and potential threats.

What you need to succeed:

• Perform risk assessment of proposed and existing system architecture for compliance with security best practices, recommending technical, administrative and physical controls to mitigate identified risks.
• Develop service security and compliance requirements for SaaS multi tenant systems.
• Design and develop cloud security architectures and perform architecture design reviews.
• Design and develop frameworks and solutions to secure CI/CD pipelines.
• Leading compliance efforts based on selected industry frameworks and compliance standards.
• Implement, maintain and improve existing industry best practices of operational security controls such as:
  • Monitoring
  • Identity and access management
  • Encryption and data security
  • Self-auditing
• Provide guidance to R&D and Product Management on defining and prioritizing development of secure SaaS offerings.
• Prepare and deliver training and security awareness activities to the Engineering teams.
• Acquire relevant knowledge, remain up-to-date, attend security conferences and be involved with the security community.
• Drive and lead security processes, tools, methods, and knowledge and security enhancements.

#LI-KR1

• 5+ years of experience with software security (security researcher, security engineer, security architect).
• Bachelor’s Degree in Computer Science or related field, or additional 5+ years of experience
• Experience in:
  • Infrastructure security, security SDLC and secure SaaS practices
  • Risk assessment and management, and threat modeling
  • Security reviews for code/design/architecture and requirements
  • Security compliance and frameworks such as FedRAMP or CSA CCM
  • Hardening procedures
  • Network administration and security
  • Identity management and authentication systems and protocols (Active Directory, LDAP, SAML, RADIUS)
  • Threat modeling practices
• Extensive hands-on experience in:
  • Linux and Windows OS
  • Network architecture and security configurations
• Experience doing architecture and design reviews
• Thinking like an attacker
• Excellent communication skills
• A passion for the details
• Deep understanding of Information Security in various environments
• Demonstrated ability to take ownership and accountability of problems while collaborating with others
• Ability to keep track of numerous detail-intensive, interdependent tasks and ensure their accurate completion
• Ability to work a hybrid schedule in the Newton, MA area.

 Preferred:

• Experience with FedRAMP certification
• Hands-on experience with AWS security best practices and AWS services
• Security standards and practices (CSA, OWASP, SANS, etc.)
• Security of relational databases (MySQL, MS SQL Server, Oracle)
• Security management certificates (CISSP, CSSLP, CISM, etc.)
• Has presented at security conferences (BlackHat, OWASP, etc.)

We know that no candidate is a perfect match for every role. If you’re excited about this position and believe you can contribute to our mission, we’d love to hear from you.

CyberArk is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. 

We are unable to sponsor or take over sponsorship of employment Visa at this time.

The salary range for this position is $130,000 – $180,000/year, plus commissions or discretionary bonus, which will be based on the employee’s performance. Base pay may also vary considerably depending on job-related knowledge, skills, and experience. The compensation package includes a wide range of medical, dental, vision, financial, and other benefits.