CyberArk R&D Product Security Leader

As a cyber security company, we make it our goal to maintain the highest security standards in our products, keeping a high and intensive focus on product security.

As R&D Product Security Leader you will continue to lead the product security domain in R&D and make sure that our product security is high and our products are safe from advanced attackers.

You will cultivate and advance our product security methodology and standards, build and train the security team, consult and advise on security aspects to the products’ teams, and finally – identify and lead the significant security efforts in the different products.

In your work, you will lead the product security domain for the whole R&D (hundreds of people), and you will work closely with the product managers, R&D managers and the security team.

In your job, you will:

  • Maintain & promote the security posture of CyberArk Products from the technical perspective, in view of today’s increasing levels of security threats & challenges.
  • Own the structured process for responding to security issues found in products installed in the field.
  • Manage ongoing penetration testing efforts for CyberArk products, including in-team testing, targeted penetration testing and external penetration tests by 3rd parties.
  • Maintain a strong connection to the field and our customers. Track and provide guidance on secure deployment.
  • Guide and coach the CyberArk R&D Division Security Leads, professionally escort and challenge them, set goals, and utilize them for advancing the product security domain.
  • Coordinate CyberArk R&D Engineers that serve as security contact points within the development teams (“Security Experts”), define a training program for them.
  • Design & implement a security training program for R&D members, suited to the technologies in use, to foster a culture of security consciousness across various software development teams
  • Lead – from definition to implementation – the significant security initiatives related to our products
  • Reflect and visualize the product security strategy and status to CyberArk’s senior management
  • Strengthen CyberArk’s “security branch” in the industry (using blogs, public lectures, etc.)

Job requirements:

  • Track record for having found and addressed issues in web applications, complex systems, or desktop software packages
  • In-depth knowledge and experience in the security world in general, and specifically in secure development practices:
    • Secure development lifecycle process
    • Security standards and practices (OWASP, NIST, SANS, etc.)
    • Security frameworks at enterprise level
    • Security analysis and risk-based design review
    • Vast knowledge and experience in two or more of the following domains:
      • Secure development practices
      • Security testing and assurance
      • Security architecture and design
      • Security tools development
      • Risk management and reduction
    • Understanding product security’s ‘big picture’ and diving into small details
    • Basic understanding of cloud computing and Software as a Service
    • Demonstrated effective leadership and organization skills
    • Strong time management and process skills (working effectively on multiple projects simultaneously)
    • Advanced written and verbal communication skills in Hebrew and English (including delivering presentations in English)
    • Proactive by nature; internal drive for excellence and improvement
    • Great interpersonal relations, open and communicative team player
    • Ability to share experiences with and learn from others
    • Familiar with meeting facilitation methods and best practices
    • High ability to use new technologies and understand them in depth through rapid self-learning
    • 6+ years of software development related experience
      • 3+ years in software security (security researcher/ security engineer / security architect)
      • 4 years of experience in programming
      • Advantage: experience as a security manager (not IT security)
    • Sc. in computer science / software engineering, or military programming course graduate
    • Full time position
    • Reports to R&D Division Manager

Knowledge in one or more of the following areas is an advantage:

  • Demonstrated experience in working in an Agile development organization (Scrum, Kanban)
  • Basic understanding of enterprise architecture
  • Basic experience with one or more of the following fields
    • Hardening procedures (Windows, Linux, IIS, Apache)
    • Mobile application development
    • Network security (RDP, Active Directory, PKI)
  • Experience with privileged accounts products and industry
  • Security management certificates (CISSP, CSSLP, CISM, etc.) or have lectured at security conferences (BlackHat, OWASP, etc.)
  • Familiarity with security testing tools (application penetration testing)
  • Architecture / QA methodologies and principles

CyberArk provides equal opportunities in employment, development, and advancement to all employees, applicants for employment and all qualified persons without regard to race, color, sex, pregnancy, age, religion, national origin, ancestry, sexual orientation, gender identity, physical or mental disability, veteran status, military service, application for military service, genetic information, or any other characteristic protected under federal and applicable state law. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, transfer, leaves of absence, compensation and training.