Application Security Architect
We are seeking an Application and Cloud Security Architect who will lead the effort to secure and increase the robustness of Imperva’s products. The architect will guide and monitor the activities of Imperva’s development teams to ensure the secure development, design and architecture of the software products, including conducting risk and threat analysis and responding to developers’ specific questions.
The architect will also research specific standards and regulations that might apply to the product lines and monitor their implementation throughout the security development lifecycle.
In this role, you’ll take a significant part in shaping the future of the next generation of cyber security products, be part of Imperva’s fight against hackers and protect the world’s largest organizations from cyber-attacks.
- Conduct security design reviews and threat modelling for existing and new software products and features developed internally, as well as for different 3rd party and open source technologies.
- Provide vulnerability remediation guidance and mentoring to product development software engineers
- Drive cloud security solution design for the security architecture framework (e.g., credential management, access provisioning, authentication and authorization, data security, network security, application security, infrastructure security, security monitoring, and operations security)
- Define and evangelize cloud and application security best practices
- Deliver cloud security architecture diagrams and security architecture specification per cloud security architecture standards
- Design applications, integrations, and automation to improve security operations and governance
- Support deployment of automated security tools throughout the development lifecycle
- Maintain an active understanding of industry practices for secure software development and incident response
- Conduct security reviews for different 3rd party and open source technologies
- Work with different entities in the enterprise to ensure compliance with corporate rules
- Take an active part in the company architectural forums and provide the security perspective in new initiatives and projects
- Research relevant regional or information-related regulations and their relevance to the product line
- Research new technologies, architectural trends and security practices in the cloud and virtualization areas
Education and Experience
- B.Sc in Computer Science, Software Engineering or Electrical Engineering with related specialization.
- A minimum of 5 years of related work experience – either intensive software architecture work in a security context or vast application security experience.
- Relevant courses and certifications
Knowledge and Skills
- Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security
- Vast experience in running threat modelling for complex systems.
- Experience with the OWASP Top 10 and SANS 25, including how to identify and remediate them
- Experience with public cloud environments and technologies, including Amazon Web Services (AWS) or other
- Ability to define problems, collect data, establish facts and draw valid conclusions and solutions
- Technical knowledge of access control mechanisms, intrusion detection and prevention, encryption, digital certificates and trust-based authentication
- Experience in securing containers and K8S.
- Experience in working with software development groups and development executives.
- Advanced skills, including conflict resolution and management.
- Advanced communication skills (e.g. written, verbal, presentation) tailored to a wide variety of audiences; mastery of English and the local language
- Advanced multi-tasking and prioritization skills
- Experience in DevOps environments and automating security controls into the CI/CD process
- Vast information security knowledge in different areas:
- Implementation of application security controls.
- Operating Systems security
- Solid understanding of Information Security including understanding of IT Security frameworks, policies, standards and technologies – ISO27001/SOX/PCI/SOC2 etc.
Imperva is an analyst-recognized, cybersecurity leader—championing the fight to secure data and applications wherever they reside. Once deployed, our solutions proactively identify, evaluate, and eliminate current and emerging threats, so you never have to choose between innovating for your customers and protecting what matters most. Imperva—Protect the pulse of your business.