Senior Security Architect

About CyberArk:
CyberArk (NASDAQ: CYBR), is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit our CyberArk blogs or follow us on Twitter, LinkedIn or Facebook.

As a Senior Security Architect within our Product Security team, you will play a pivotal role in enhancing and maintaining the security posture of our organization. You will provide governance and guidance on security measures in product development and operations, ensuring our products and systems are robust and resilient against threats.  

This role requires a security professional who is also a thought leader with deep technical expertise and a passion for mentoring others as well as:

• Provide governance and guidance on security measures in product development and operations. 
• Oversee the implementation of security policies and serve as the main contact for guidance on security activities.  
• Define and propagate cross-company security best practices, and cloud security architectures. 
• Define and maintain secure development guidelines and standards.  
• Initiate and participate in code reviews, design reviews, threat modeling and other critical assessments to ensure security standards are met.  
• Prepare and deliver training sessions and security awareness activities to development and engineering teams.  
• Lead product incident response efforts and ensure timely and effective resolution.  
• Review and update security policies to align with evolving threats and organizational needs.  
• Lead the assessments of teams/services to ensure compliance with security policies and standards.  
• Manage security tools, provide training, and assist developers in utilizing these tools and interpreting reports.  
• Support external/internal penetration testing services. 

Experience

• 6+ years of software development experience.  
• 5+ years of experience in software security (e.g., security researcher, security engineer, or security architect).  
• Proven leadership experience, with an advantage for experience as a security architect in a development organization. 
• Experience in infrastructure security, security SDLC, and secure SaaS practices. 

Technical Skills: 

• Extensive knowledge and experience with the Secure Software Development Life Cycle (SSDLC).  
• Expertise in secure development and coding practices.  
• Proficiency in security testing and assurance methodologies.  
• Strong understanding of security architecture and design principles.  
• Experience with severity assessment and risk management.  
• Proficiency in threat modelling and conducting security reviews for code, design, and architecture.  
• Hands-on experience with AWS security best practices and AWS services. 
• Knowledge Base: 
• Familiarity with security standards and practices (e.g., OWASP, NIST, SANS, CSA).  
• Understanding of hardening procedures and network security.  
• Knowledge of security compliance and frameworks such as FedRAMP or CSA CCM.  
• Experience with network administration and security, identity management, and authentication systems and protocols (Active Directory, LDAP, SAML, RADIUS). 

Personal Attributes: 

• Demonstrated leadership, motivational, and mentorship abilities.  
• Ability to think like a hacker and anticipate potential security threats.  
• Fluent in English (Hebrew is a plus), with excellent communication, presentation, and crowd-facing skills.  
• Experience with Agile development methodologies.  
• Strong attention to detail and the ability to manage detail-intensive, interdependent tasks. 
• Desirable Qualifications 
• Security management certifications (e.g., CISSP, CSSLP, CISM).  
• Experience lecturing at security conferences (e.g., Black Hat, OWASP).  
• Hands-on experience in security testing and research.  
• Security of relational databases (MySQL, MS SQL Server, Oracle). 

LI-HA1

CyberArk is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

We are unable to sponsor or take over sponsorship of employment Visa at this time.

The salary range for this position is $152 - $210k/year, plus commissions or discretionary bonus, which will be based on the employee’s performance. Base pay may also vary considerably depending on job-related knowledge, skills, and experience. The compensation package includes a wide range of medical, dental, vision, financial, and other benefits.