Full-Time
Public Sector Network Architect
Updated on 2/19/2025
Wiz
1,001-5,000 employees
Cloud security platform for businesses
Mid, Senior
No H1B Sponsorship
Remote in USA
Candidates must reside in the contiguous United States.
US Citizenship Required
You match the following Wiz's candidate preferences
Employers are more likely to interview you if you match these preferences:
- 4+ years of experience working as a Federal Cloud Network Architect/Engineer or Federal Network Security Architect/Engineer in AWS (other clouds a plus!).
- Intimate understanding of the DoD CC SRG in relation to the BCAP connection process, DoD PKI, DNS, and other technical requirements.
- Firsthand experience designing architecture in public cloud environments around the DoD CC SRG technical requirements and guiding a CSP (SaaS preferred) through an IL4 or IL5 ATO.
- Expertise architecting networking solutions in public cloud using cloud native services, while following cloud security best practices.
- Hands-on experience with cloud native environments utilizing containers (Kubernetes), microservices, IaC (infrastructure as code) and configuration management tools.
- Familiarity with CI/CD, GitOPs and automated build, test, and release processes.
- A strong sense of taking ownership for projects and leading them from start to finish.
- Ability to translate compliance requirements to technical outcomes.
- Ability to think outside the box when working with compliance frameworks by implementing technical solutions that meet the spirit of controls, vs. the written guidance.
- Knowledge of and ability to evaluate controls and requirements against NIST 800-53, DoD CC SRG, DISA STIGs etc.
- Knowledge of FIPS and other encryption methodologies needed to meet federal requirements.
- A thirst to use Wiz and learn everything the product can do.
- Candidates must meet EAR part 772 and ITAR 120.15 definition of a U.S. person (Any individual who is granted U.S. citizenship; or any individual who is granted U.S. permanent residence (green card holder); or any individual who is granted status as a “protected person”) and that they reside in the contiguous United States.
- Help guide Wiz through its DISA authorization journey!
- Act as the Cloud Network Security SME for all matters related to network security across AWS, Azure, and GCP.
- Perform architecture reviews and provide federal architecture requirements to help bring new features to Wiz4Gov.
- Ownership and crafting of detailed diagrams that align with FedRAMP ABD, NFD and DFD requirements, using tools like LucidChart, Visio, etc.
- Help test and validate new features to see their value for customer’s as well as help Wiz meet its own security and compliance goals.
- Work collaboratively with internal and external stakeholders, including DevOps teams, engineering teams, compliance officers, public sector operations and auditors, to address security-related concerns and make recommendations for improvements.
- Provide technical input into the development of System Security Plans (SSP), working with third-party assessment organizations (3PAOs) to achieve new authorizations, implement significant changes, etc.
- Stay up to date with the latest FedRAMP, DISA and NIST guidelines and ensure that systems and processes adhere to these standards, addressing any compliance issues promptly.
Wiz.io offers a cloud security platform that helps businesses secure their cloud operations, focusing on security, development, and DevOps teams. The platform provides a unified security command center that integrates into development workflows, allowing for vulnerability detection and compliance with industry regulations. Unlike competitors, Wiz.io emphasizes continuous monitoring and proactive threat detection to prevent data breaches. The company's goal is to enable businesses to operate securely and efficiently in the cloud.
Company Size
1,001-5,000
Company Stage
Series E
Total Funding
$1.9B
Headquarters
New York City, New York
Founded
2020
Simplify's Take
What believers are saying
- Partnerships with Cisco enhance Wiz's credibility and market reach.
- Acquisition of Dazz enhances Wiz's vulnerability management capabilities.
- Rising demand for cloud security boosts Wiz's market potential.
What critics are saying
- Broadcom reconsidering acquisition may signal valuation concerns for Wiz.
- Data exposure incidents could undermine trust in Wiz's security assessments.
- Departure of key executives may impact Wiz's strategic leadership.
What makes Wiz unique
- Wiz offers agentless security, reducing overhead in cloud environments.
- Their Security Graph engine provides graph-based analysis for deeper risk insights.
- Wiz integrates security into DevOps workflows, aligning with the DevSecOps trend.
Help us improve and share your feedback! Did you find this helpful?
Benefits
Professional Development Budget
Growth & Insights and Company News
6 month growth
↑ 1%1 year growth
↑ 0%2 year growth
↑ 0%Anthropic, the AI startup founded by former OpenAI engineers, is in talks to raise up to $2 billion for a valuation of $60 billion. The latest round would more than triple the artificial intelligence startup’s valuation from a year ago. Leading the round is Lightspeed Venture Partners. If it comes to pass, the fundraise would make Anthropic the fifth most valuable U.S. startup, following SpaceX, OpenAI, Stripe and Databricks, according to CB Insights. It would be the seventh most valuable globally after SpaceX, ByteDance, OpenAI, Stripe, Shein and Databricks
"By correlating Cisco's renowned network security capabilities with Wiz's cutting-edge Security Graph engine - which provides straightforward, context-driven insights into critical exposure - enterprises gain deeper visibility and better risk prioritization.
New York-based cloud security startup Wiz, announced that it has identified a publicly accessible ClickHouse database belonging to DeepSeek, granting full control over database operations, including access to internal data. This exposure contains over a million lines of log streams with sensitive information, such as chat histories, secret keys, and backend details. The Wiz Research team responsibly disclosed this issue to DeepSeek, which promptly took action to secure the exposed data.Developed by Yandex, ClickHouse is an open-source, columnar database management system designed for fast analytical queries on large datasets. It is used for real-time data processing, log storage, and big data analytics, making it a valuable and sensitive tool.Based out of Hangzhou, China, DeepSeek is an AI company that has launched the DeepSeek-R1 reasoning model, rivalling OpenAI’s o1 in performance and cost-efficiency.Wiz uncovered ClickHouse databaseDuring the external security posture assessment of DeepSeek, the US company claims to have found a publicly accessible ClickHouse database linked completely open and unauthenticated, exposing sensitive data.“It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000,” says Wiz in its blog. This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details. According to Wiz, the exposure provided complete control over the database and the possibility of privilege escalation within the DeepSeek environment, with no authentication or protective measures against outside threats. Wiz began their reconnaissance by examining the publicly available domains of DeepSeek. Utilising both passive and active techniques, they identified approximately 30 internet-facing subdomains. Most subdomains appeared harmless, including the chatbot interface, status page, and API documentation.However, when they expanded their search beyond standard HTTP ports (80 and 443), they discovered two unusual open ports (8123 and 9000) on the following hosts:– http://oauth2callback.deepseek.com:8123 – http://dev.deepseek.com:8123 – http://oauth2callback.deepseek.com:9000 – http://dev.deepseek.com:9000 “This level of access posed a critical risk to DeepSeek’s own security and for its end-users. Not only an attacker could retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along propriety information directly from the server using queries like: SELECT * FROM file(‘filename’) depending on their ClickHouse configuration,” says the company
Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More. DeepSeek and its R1 model aren’t wasting any time rewriting the rules of cybersecurity AI in real-time, with everyone from startups to enterprise providers piloting integrations to their new model this month.R1 was developed in China and is based on pure reinforcement learning (RL) without supervised fine-tuning. It is also open source, making it immediately attractive to nearly every cybersecurity startup that is all-in on open-source architecture, development and deployment.DeepSeek’s $6.5 million investment in the model is delivering performance that matches OpenAI’s o1-1217 in reasoning benchmarks while running on lower-tier Nvidia H800 GPUs. DeepSeek’s pricing sets a new standard with significantly lower costs per million tokens compared to OpenAI’s models. The deep seek-reasoner model charges $2.19 per million output tokens, while OpenAI’s o1 model charges $60 for the same
Merchant joins Wiz as a highly accomplished executive, advisor and board member with nearly 30 years of diverse global leadership experience scaling public and private companies.