Security Architect

Available Locations: London, England

About the role 

As an Security Architect you will play a key role in effectively designing secure network architectures, defensible builds & configurations, security platforms and automation, assisting in secure tool and product development, and will help establish security standards and guidelines across the enterprise. This role will focus on designing robust public key infrastructure and secrets management solutions to support Cloudflare’s secure authentication processes and encryption solutions for both our internal and client facing systems, users and applications. This role will also include collaborating with cross-functional teams including software engineering, cybersecurity, product management, etc. to integrate key management solutions into the Cloudflare environments. We are looking for a candidate that is passionate about cryptography and security. We are seeking Security Architects or Engineers proficient in strategy, design, and implementation of public key infrastructure and secrets management solutions to help make a better internet.

What You’ll Do

• Define security requirements for and design efficient public key infrastructure and secrets management solutions in complex environments.
• Take the lead security role in developing or enhancing existing enterprise-wide architectures, including Hardware Security Modules (HSMs), Certificate Authorities (CAs), Certificate Lifecycle Management (CLM), Key Vaults (KV), and similar technologies.
• Create and drive the secrets management capability roadmap with enterprise stakeholders.
• Lead projects to implement secure enterprise systems and identify issues that could compromise data integrity or security.
• Serve as the subject matter expert (SME) for PKI and secrets management across the enterprise.
• Develop security policies, procedures, and guidelines and recommend necessary changes to a given project team to ensure the company’s systems are fully compliant with all applicable regulatory requirements and privacy laws.
• Identify access management gaps and partners with application development teams for remediation.
• Design processes and workflows for rotation and revocation of secrets.
• Identify automation opportunities for lifecycle management of secrets.
• Utilize open communication and managerial courage to ensure the standards, expectations and goals of the organization are respected and upheld.
• Lead security-related public key infrastructure and secrets management projects from inception to successful completion. 
• Effectively coach technology staff on appropriate security protocols and requirements as they implement new technology into the organization.
• Work on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. 
• In conjunction with engineering and operations, improve and develop sustainable processes.
• Leverage wide-ranging experiences, professional concepts, and company objectives to resolve complex issues in creative and effective ways.
• Exercise judgment in selecting methods, techniques and evaluation criteria for obtaining results.
• Ensure security technology strategies are aligned with companies' business goals.

Examples of desirable skills, knowledge and experience.

• Extensive years of experience in an IT or Security related field heavily focused on secrets management and PKI.
• In-depth understanding of security concepts.
• Demonstrable expertise in cryptography, certificate management, and networking protocols.
• Hands-on experience with PKI technologies and standards such as X.509, OCSP, and CRL.
• Scripting / coding skills, in various languages, for automation.
• Knowledge of IT and Cybersecurity frameworks, such as NIST, FIPS, CSF, CIS, ISO 27001/2.
• Working knowledge of Cloud provider security architecture design patterns, and key control methods - Bring your own key, Hold your own key, partitioned HSMs.
• Experience with OWASP Web/API vulnerabilities and compensating controls (CSRF, XSS, SQLI, etc.)
• Understand how business, engineering, IT, and security processes align, and how to research, test, and implement solutions to complex objectives.
• Hands on experience in Information Security, specifically in PKI/Cryptography (on-premise and cloud) and secrets management.
• Experience in building Certificate Policy (CP) and Certificate Practice Statements (CPS)
• Experience with vendors such as Venafi, Hashicorp, Microsoft, Thales, etc.
• In-depth knowledge of Certificate Lifecycle Management, PKI Strategy and Design, and PKI Implementation.
• Experience producing and reviewing Technical Documentation.

Equity

This role is eligible to participate in Cloudflare’s equity plan.

Benefits

Cloudflare offers a complete package of benefits and programs to support you and your family.  Our benefits programs can help you pay health care expenses, support caregiving, build capital for the future and make life a little easier and fun!  The below is a description of our benefits for employees in the United States, and benefits may vary for employees based outside the U.S.

Health & Welfare Benefits

• Medical/Rx Insurance
• Dental Insurance
• Vision Insurance
• Flexible Spending Accounts
• Commuter Spending Accounts
• Fertility & Family Forming Benefits
• On-demand mental health support and Employee Assistance Program
• Global Travel Medical Insurance

Financial Benefits

• Short and Long Term Disability Insurance
• Life & Accident Insurance
• 401(k) Retirement Savings Plan
• Employee Stock Participation Plan

Time Off

• Flexible paid time off covering vacation and sick leave
• Leave programs, including parental, pregnancy health, medical, and bereavement leave