Application and Hybrid Cloud Security Architect
Imperva is a multi-billion dollar cybersecurity company, protecting the world’s largest organizations from cyber-attacks. We work in a Hybrid Model from home and from the office (Rehovot, Tel Aviv) and we have been recognized as one of the Best 50 high-tech companies to work for in Israel 2022 by Dun & Bradstreet!
We are looking for an Application and Hybrid Cloud Security Architect that will lead the efforts to secure and increase the robustness of Imperva’s products by guiding and monitoring the activities of the different development teams in Imperva to secure the development, design and secure architecture of the software products including conducting risk and threat analysis and responding to specific developers’ questions.
The architect will also investigate about specific standards and regulations that might apply to the product lines and monitor their implementation throughout the security development lifecycle.
As part of that role you’ll take significant part in shaping the future of the next generation cyber security products , be part of Imperva’s fight of against hackers and protecting the world’s largest organizations from cyber-attacks.
- Conduct security design reviews and threat modelling to existing and new software products and features developed internally, as well as for different 3rdparty and open source technologies
- Provide vulnerability remediation guidance and mentoring to product development software engineers
- Drive hybrid cloud security solution design for the security architecture framework (e.g., credential management, access provisioning, authentication and authorization, data security, network security, application security, infrastructure security, security monitoring, and operations security)
- Define and evangelize cloud and application security best practices
- Deliver hybrid cloud security architecture diagrams and security architecture specification per cloud and enterprise security architecture standards
- Design applications, integrations, and automation to improve security operations and governance
- Support adoption of automated security tools throughout the development lifecycle
- Maintain an active understanding of industry practices for secure software development and incident response
- Work with different entities in the enterprise to ensure compliance with corporate rules and support certification efforts
- Take an active part in the company architectural forums and provide the security perspective in new initiatives and projects
- Research of new technologies, architectural trends and security practices in the cloud and virtualization areas
Education and Experience:
- BSc in Computer Science, Software Engineering or Electrical Engineering with related
- Minimum 5 or more years of related work experience – could be either intense software architecture with security context or vast application security experience
- Relevant courses and certifications
Knowledge and Skills:
- Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security
- Vast experience in running threat modelling for complex systems
- Experience with the OWASP Top 10 and SANS 25, how to identify and remediate them
- Experience with public cloud environments and technologies, including Amazon Web Services (AWS) or other
- Ability to define problems, collect data, establish facts and draw valid conclusions and solutions
- Technical knowledge of access control mechanisms, intrusion detection and prevention, encryption, digital certificates and trust-based authentication
- Experience in securing containers and K8S
- Experience in working with software development groups and development executives
- Advanced skills, including conflict resolution, and management
- Advanced communication skills catered to a wide variety of audiences. (e.g. written, verbal, presentation); mastery in English and local language
- Advanced multi-tasking, and prioritization skills
- Experience in DevOps environments and automating security controls into the CI/CD process
- Vast Information security knowledge in different areas:
- Implementation of application security controls
- Operating Systems security
- Network security
- Solid understanding of Information Security including understanding of IT Security frameworks, policies, standards and technologies – ISO27001/SOX/PCI/SOC2 etc.
Imperva is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, ancestry, pregnancy, age, sexual orientation, gender identity, marital status, protected veteran status, medical condition or disability, or any other characteristic protected by law.