Full time position.
Own, drive and lead security processes, tools, methods, and knowledge and security enhancements in the product group.
Work closely with and follow the professional guidance of the R&D Security Leader.
Report to R&D group manager.
A Development Architect with a huge passion for security! Learns and plays with security in their spare time: theory, methodologies and hands-on.
Has a security mindset and security principles they believe in.
- 6+ years of software development experience
- 3+ years in software security (security researcher / security engineer / security architect)
- Leading experience
- Experience as a security architect in a development organization – an advantage
- Vast knowledge and experience in the following:
  - Secure Software Development Life Cycle
  - Secure development and coding practices
  - Security testing and assurance
  - Security architecture and design
  - Severity assessment and Risk management
  - Threat Modeling
  - Security reviews for Code/Design/Architecture and requirements
- Knowledge in the following:
  - Security standards and practices (OWASP, NIST, SANS, etc.)
  - Hardening procedures
  - Network and Network security
- Leader, motivator and mentor
- Think like a hacker
- Fluent in English and Hebrew (speaking and writing), presentation and crowd-facing skills
- Experience with Agile development
- Security management certificates (CISSP, CSSLP, CISM, etc.)
- Have lectured at security conferences (BlackHat, OWASP, etc.)
- Security testing/research hands-on experience
Tasks and activities
- Own, manage and lead Threat Modeling and Security Standards workshops
- Initiate and participate in code reviews, design reviews, etc.
- Prepare and deliver trainings and security awareness activities to the development teams and to other security architects
- Make sure everyone in the group is involved in security and has knowledge of the security aspects of the product
- Instill the right security mindset in all the people and stakeholders of their groups
- Mentor new security architects
- Contribute to CyberArk’s secure-development guidelines and standards
- Manage security tools, and train and help the developers in using those tools and reports
- Conduct and train others on white-box security testing
- Own and manage the hiring of external/internal pen-testing services
- Become a company security expert in one or more technology domains (e.g. Kernel, Web, SaaS, C++, etc.).
- Acquire relevant knowledge, stay up to date, go to security conferences and be involved with the security community