As a Security Architect, you will lead the effort to secure the largest security company in the world. You will join a team of security architects responsible for setting the direction and coordinating efforts across our Products, Operations, Attack Surface Management, Network, IaC/PaC, SOC, and Platform Services Engineering on all security topics.
Work alongside the engineering teams, providing expert guidance, leadership, and advice on secure architecture, design, and implementation
Help proactively assess security risk through a deep understanding of current and future states of our products and services, threat modeling, requirements, architecture, design, and implementation reviews
Develop security architecture standards, frameworks, guidelines, and design patterns spanning all layers of security in the cloud from the host, server, and network to application and data security
Provide recommendations and implementation guidance for high-security and high-availability applications.
Requirements: 4+ years of experience in security architecture, application security, threat modeling, security assessments, and security reviews
Fluent in communicating technical security risks and security architecture impact to business leaders
Excellent team player, experience in Agile methodology while achieving common ground with the team in proposing pragmatic solutions - Ability to collaborate across organizational boundaries, cross-functional teams, build relationships, and achieve broader organizational goals
Comfortable in navigating ambiguity and the ability to decide on a working solution - Constantly executing on solving problems with incremental improvements
The ability to conduct decomposition, analysis, and high-level threat modeling of applications and systems - Capability to prioritize the high-risk threats based on experience and the current threat landscape
Thorough understanding of computer networking, routing, cryptography, and protocols
Working knowledge and experience with the phases of the Secure Software Development Lifecycle (SSDLC)
Working knowledge and experience with IT security and privacy risk assessments, as well as mapping of security controls
Working knowledge and experience with structured secure enterprise architecture practices, large-scale web applications, and cloud environments
Knowledge and experience working with virtual machines and containers (Docker, Kubernetes)
Working knowledge of infrastructure and application security concepts including firewalls, network security, intrusion detection/prevention systems (IDS/NIPS), application security, microservices security, password management, secrets management, access provisioning, IAM, RBAC, ABAC, endpoint security, SIEM, and OWASP
Knowledge and experience with common vulnerability scanning and penetration testing tools
Knowledge of common computer security issues, including systems, network, and application vulnerabilities
Experience in selecting, operating, and rationalizing security tooling for common security processes, including CSPMs, vulnerability scanners, etc.
Working knowledge and experience in devising and creating security architecture design patterns and security guidelines
Working knowledge and experience in threat modeling, security reviews, and Infrastructure-as-Code to identify security flaws and propose actionable mitigations
Working knowledge and experience in Mitre ATT&CK, Mitre CAPEC, Mitre CWE, HITRUST Threat Catalog, Security Technical Implementation Guides (STIGs), OWASP
Eagerness to research and learn the state of the art in securing applications and systems for continuous improvement
Education
Bachelor's degree from four-year college or university or equivalent training, education, and experience in information / cyber security, computer systems, IT, etc. or equivalent military experience required.
This position is open to all candidates.