Senior Security Architect

About CyberArk:
CyberArk (NASDAQ: CYBR), is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit our CyberArk blogs or follow us on Twitter, LinkedIn or Facebook.

As a Security Architect within our Product Security team, you will play a pivotal role in enhancing and maintaining the security posture of our organization. You will provide governance and guidance on security measures in product development and operations, ensuring our products and systems are robust and resilient against threats.

This role requires a security professional who is also a thought leader with deep technical expertise and a passion for mentoring others.

Responsibilities

• Provide governance and guidance on security measures in product development and operations.
• Oversee the implementation of security policies and serve as the main contact for guidance on security activities.
• Define and propagate cross-company security best practices, and cloud security architectures.
• Define and maintain secure development guidelines and standards.
• Initiate and participate in code reviews, design reviews, threat modeling and other critical assessments to ensure security standards are met.
• Prepare and deliver training sessions and security awareness activities to development and engineering teams.
• Lead product incident response efforts and ensure timely and effective resolution.
• Review and update security policies to align with evolving threats and organizational needs.
• Lead the assessments of teams/services to ensure compliance with security policies and standards.
• Manage security tools, provide training, and assist developers in utilizing these tools and interpreting reports.
• Support external/internal penetration testing services.

#LI-HEH

#LI-Hybrid

Experience:

• 6+ years of software development experience.
• 5+ years of experience in software security (e.g., security researcher, security engineer, or security architect).
• Proven leadership experience, with an advantage for experience as a security architect in a development organization.
• Experience in infrastructure security, security SDLC, and secure SaaS practices.

Technical Skills:

• Extensive knowledge and experience with the Secure Software Development Life Cycle (SSDLC).
• Expertise in secure development and coding practices.
• Proficiency in security testing and assurance methodologies.
• Strong understanding of security architecture and design principles.
• Experience with severity assessment and risk management.
• Proficiency in threat modelling and conducting security reviews for code, design, and architecture.
• Hands-on experience with AWS security best practices and AWS services.

Knowledge Base:

• Familiarity with security standards and practices (e.g., OWASP, NIST, SANS, CSA).
• Understanding of hardening procedures and network security.
• Knowledge of security compliance and frameworks such as FedRAMP or CSA CCM.
• Experience with network administration and security, identity management, and authentication systems and protocols (Active Directory, LDAP, SAML, RADIUS).

Personal Attributes:

• Demonstrated leadership, motivational, and mentorship abilities.
• Ability to think like a hacker and anticipate potential security threats.
• Fluent in English, with excellent communication, presentation, and crowd-facing skills.
• Experience with Agile development methodologies.
• Strong attention to detail and the ability to manage detail-intensive, interdependent tasks.

Desirable Qualifications

• Security management certifications (e.g., CISSP, CSSLP, CISM).
• Experience lecturing at security conferences (e.g., Black Hat, OWASP).
• Hands-on experience in security testing and research.
• Security of relational databases (MySQL, MS SQL Server, Oracle).

We are proud to foster a diverse and inclusive workplace, where every individual's unique background, perspective, and contribution is celebrated. We believe that by embracing diversity, we drive innovation and create a stronger, more united team. Inclusion is at the heart of who we are and how we succeed. All qualified applicants will receive consideration for employment without regard to race, colour, age, religion, sex, sexual orientation, gender identity, or disability. Upon conditional offer of employment, candidates are required to complete a comprehensive background check as per our internal policy. 

CyberArk is an equal opportunities employer. If you would like any special arrangements made for your interview, please inform the EMEA Talent Acquisition team upon your application so that we may take steps to accommodate your needs.