Principal Security Architect (Information Security)
Palo Alto Networks · Santa Clara, CA · 3 wk ago
On-siteInformation Technology$168k–$271k/yrFull-time
About the role
The Team Information Security - We're not your ordinary Information Security team. We're a diverse group of security professionals who challenge the status quo in order to protect Palo Alto Networks and our customers. Driving innovation on the Information Security team of the fastest-growing high-tech cybersecurity company is a once-in-a-lifetime opportunity. You'll be joined by the brightest minds in technology, and our global teams are on the front line of defense against cyberattacks.
Key Responsibilities
- Define and maintain the authoritative security architecture patterns for services across multi-cloud environments, including GCP, AWS, Azure, OCI, and SAP.
- Lead the design of secure, scalable, and resilient systems by championing 'Security by Design' principles such as isolation, identity management (IAM), and data protection.
- Drive the architectural strategy and implementation of Zero Trust principles across development environments and production SaaS platforms.
- Own the organization's threat modeling methodology, facilitating deep-dive sessions for critical features to identify attack vectors in complex distributed systems.
- Translate architectural risks into actionable items for the Cybersecurity Risk Register, effectively communicating the business impact to leadership.
- Provide high-level technical guidance and mentorship to Staff and Senior security engineers, fostering a culture of engineering excellence and proactive security.
- Lead cross-functional 'Tiger Teams' through complex security implementations, acting as the bridge between Developer, Product Engineering, and InfoSec teams.
Qualifications
- 8+ years of experience in security engineering and/or security architecture, with at least 4+ years in a Principal or Lead capacity.
- Deep, hands-on architectural expertise in at least one major public cloud provider (GCP, AWS, Azure, OCI, or SAP) with a strong working knowledge of the others.
- Demonstrated sophisticated, deep knowledge and hands-on experience with modern Secure-by-Design, Privacy-by-Design, and Zero Trust principles and practices.
- Proven track record of executing complex threat models (e.g., STRIDE, PASTA, DREAD) for microservices and serverless architectures.
- Proficiency with a scripting language such as Python or Go and experience securing CI/CD pipelines.
Preferred Qualifications
- Experience securing AI/ML ecosystems, with a deep understanding of adversarial machine learning attacks and defenses for Large Language Models (LLMs).
- Deep understanding of the security vendor landscape, with experience designing or using CSPM, CWPP, or Container Security platforms.
- Exceptional ability to communicate technical risk to executive audiences and negotiate architectural trade-offs with product owners.
- Experience with well-architected frameworks (AWS, Azure, GCP) and their security pillars.