Platform Security Architect

Company Description

About CyberArk:
CyberArk (NASDAQ: CYBR), is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit our CyberArk blogs or follow us on Twitter, LinkedIn or Facebook.

Job Description

As a Security Architect within our Central Security Team, you will play a pivotal role in enhancing and maintaining the security posture of our organization. You will own, manage, and lead key security initiatives, ensuring our products and systems are robust and resilient against threats. This role requires a dynamic leader with deep technical expertise and a passion for mentoring others.

• Threat Modeling and Security Standards:
  • Own, manage, and lead threat modeling and security standards workshops across the organization.
  • Define and propagate cross-company security best practices.
• Code and Design Reviews:
  • Initiate and participate in code reviews, design reviews, and other critical assessments to ensure security standards are met.
• Training and Awareness:
  • Prepare and deliver training sessions and security awareness activities to development teams and fellow security architects.
  • Conduct and train others on white-box security testing.
• Security Guidelines and Tools:
  • Contribute to the development and maintenance of secure-development guidelines and standards.
  • Manage security tools, provide training, and assist developers in utilizing these tools and interpreting reports.
• Penetration Testing and Incident Response:
  • Support external/internal pen-testing services.
  • Lead product incident response efforts and ensure timely and effective resolution.
• Knowledge and Expertise:
  • Continuously acquire relevant knowledge, stay updated with the latest security trends, and actively participate in security conferences and the broader security community.
  • Become a company expert in one or more technology domains.
• Cross-Company Collaboration:
  • Work within a cross-company security group, continuously raising the security bar and enhancing the organizational security posture.
    #LI-OS1

Qualifications

• Experience:
  • 6+ years of software development experience.
  • 3+ years of experience in software security (e.g., security researcher, security engineer, or security architect).
  • Proven leadership experience, with an advantage for experience as a security architect in a development organization.
• Technical Skills:
  • Extensive knowledge and experience with the Secure Software Development Life Cycle (SSDLC).
  • Expertise in secure development and coding practices.
  • Proficiency in security testing and assurance methodologies.
  • Strong understanding of security architecture and design principles.
  • Experience with severity assessment and risk management.
  • Proficiency in threat modeling and conducting security reviews for code, design, and architecture.
• Knowledge Base:
  • Familiarity with security standards and practices (e.g., OWASP, NIST, SANS).
  • Understanding of hardening procedures and network security.
  • Knowledge of security reviews and requirements.
• Personal Attributes:
  • Demonstrated leadership, motivational, and mentorship abilities.
  • Ability to think like a hacker and anticipate potential security threats.
  • Fluent in English and Hebrew, with excellent communication, presentation, and crowd-facing skills.
  • Experience with Agile development methodologies.
• Preferred Qualifications:
  • Security management certifications (e.g., CISSP, CSSLP, CISM) are advantageous.
  • Experience lecturing at security conferences (e.g., BlackHat, OWASP).
  • Hands-on experience in security testing and research.