CyberArk is looking for an hand-on Cloud Security Architect to own, drive and lead security processes, tools, methods, knowledge and security enhancements in our Cloud Engineering team. The Cloud Security Architect will architect, design, implement and review security solutions on CyberArk SaaS environments. The Cloud Security Architect will work closely with and follow the professional guidance by the R&D Security Leader.
The ideal candidate is familiar with Security policies and best practices, modern automation tools and IaaS services. We are looking for someone with a security mindset who “thinks like a hacker”.
Responsibilities may include, but are not limited to:
- Leading all technical activities around SaaS security offering such as
- Plan security systems by evaluating network and security technologies for SaaS environment
- Develop security requirements for SaaS multi tenants security systems
- Maintain security by monitoring and ensuring compliance with industry best standards, policies, and procedures.
- Initiate and participate in code reviews, design reviews, etc.
- Conduct incident response analyses
- Working closely with Dev and Product Management on defining and developing SaaS offerings
- Conduct while-box security testing assessments. Including infrastructure and web application assessments.
- Implement application and infrastructure security controls and security enhancements
- Audit, test, or review system architecture for compliance with security best practices. Review and recommend technical, administrative and physical controls to mitigate identified risk.
- Prepare and deliver trainings and security awareness activities to the development teams and to other security architects
- Contribute to CyberArk’s secure-DevSecOps guidelines and standards
- Manage security tools, train and help the team in using these tools and reports
- Acquire relevant knowledge, be updated, go to security conferences and be involved with the security community
- Additional responsibilities as assigned.
Required of all CyberArk employees:
The Senior Cloud Security Engineer must adhere to the business and cultural goals required by all employees of CyberArk.
- Excellent communication skills;
- Think like a hacker
- Strong attention to detail;
- Strong hands-on technical abilities;
- Strong computer literacy and/or the comfort, ability and desire to advance technically;
- Strong understanding of Information Security in various environments.
- 4+ years of experience with software security (security researcher, security engineer, security architect).
- Vast experience in application security and security SDLC
- Experience as a security engineer in DevOps teams is an advantage
- Hand-on experience with AWS security best practices and AWS services is a plus.
- Hands-on experience with the following scripting technologies:
- Automation/Configuration management using either Ansible, Puppet, Chef or an equivalent
- Python, Ruby, Bash
- Bash is a plus
- Ansible is a plus
- PowerShell is a plus
- Vast knowledge and experience in the following:
- Strong background in securing Linux/Unix and Windows OS
- Secure SaaS practices
- Severity assessment and Risk management
- Threat Modeling
- Security reviews for Code/Design/Architecture and requirements
- Experience with Security audits and frameworks such as SOC2 or CSA
- Knowledge in the following:
- Security standards and practices (OWASP, SANS, etc.) is a plus
- Hardening procedures
- Network and Network security
- Strong understanding of network architecture and security configurations
- Experience with Identity Management and Authentication systems such as Active Directory, LDAP, SAML, Radius
- Demonstrated ability to assume sole and independent responsibilities
- Ability to keep track of numerous detail-intensive, interdependent tasks and ensure their accurate completion;
- Experience with Security of Relational Databases (MySQL, MS SQL Server, Oracle) is a plus
- Bachelor’s Degree in Computer Science or related field.
- Security management certificates (CISSP, CSSLP, CISM, etc.)
- Have lectured at security conferences (BlackHat, OWASP, etc.)
- Security testing/research hands-on experience