Cyber Security Architect

Summary

Data has never been more valuable and vulnerable. As cybercriminals become more sophisticated and regulations more strict, organizations struggle to answer one key question: “Is my data safe?

At Varonis, we see the world of cybersecurity differently. Instead of chasing threats, we believe the most practical approach is protecting data from the inside out. We’ve built the industry’s first fully autonomous Data Security Platform to help our customers dramatically reduce risk with minimal human effort.

At Varonis, we move fast. We’re an ultra-collaborative company with brilliant people who care deeply about the details. Together, we’re solving interesting and complex puzzles to keep the world’s data safe.

We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.

About the Role:

We are looking for an experienced Cyber Security Architect to join our Security Architecture team and help design, review, and guide the implementation of security controls across the organization.

The Cyber Security Architect will work closely with Security, IT, Engineering, Cloud, DevOps, Infrastructure, and business stakeholders to ensure that systems, applications, cloud services, SaaS platforms, and internal processes are designed and operated securely.

This role requires a strong combination of technical depth, risk-based thinking, practical security judgment, and the ability to translate security requirements into scalable architecture and actionable guidance.

Key Responsibilities:

Security Architecture & Risk Advisory

• Design and review security architecture across enterprise systems, applications, cloud environments, SaaS platforms, infrastructure, and third-party integrations.
• Define security requirements and assess architecture (including data flows, authentication models, network connectivity, APIs, and integrations) for new technologies, projects, and business initiatives.
• Perform technical security reviews of systems, tools, vendors, and integrations, identifying gaps and providing practical, risk-based recommendations.
• Clearly communicate security risks, business impact, and mitigation strategies to technical and non-technical stakeholders.
• Act as a trusted security advisor to IT, Engineering, DevOps, Product, and business teams, balancing risk reduction with business enablement.
  
  

• Define and improve identity and access control architecture across enterprise systems, cloud services, SaaS platforms, and internal applications.
• Support implementation and improvement of controls such as SSO, MFA, conditional access, device posture, privileged access management, RBAC, and access governance.
• Review authentication and authorization models for internal and external-facing applications.
• Help drive Zero Trust initiatives across users, devices, applications, networks, and data.
  
  

• Contribute to policies and procedures related to data protection, AI usage, and secure development.
• Document architecture decisions, exceptions, risks, compensating controls, and approved security patterns.
• Support continuous improvement of security architecture processes, documentation, and intake workflows.
• Partner with Governance, Risk & Compliance, Legal, Privacy, and Procurement teams as needed.
  
  

• Ensure systems are designed with appropriate security logging, SIEM integration, and visibility requirements to support SOC monitoring and incident response.
• Work with SOC, Detection Engineering, EDR/XDR, SIEM, and Incident Response teams to embed visibility and response requirements into architecture.
• Support investigations and post-incident reviews when architecture improvements or control enhancements are required
  
  

• 5+ years of experience in cyber security, security architecture, cloud security, infrastructure security, application security, or related roles.
• Strong understanding of enterprise security architecture principles.
• Hands-on experience with cloud platforms such as Azure, AWS, and/or GCP.
• Strong knowledge of identity and access management, including SSO, MFA, conditional access, RBAC, privileged access, and access governance.
• Experience reviewing security architecture for SaaS platforms, enterprise applications, APIs, and integrations.
• Familiarity with network security concepts, including segmentation, firewalls, VPN, ZTNA, proxies, DNS, TLS, and secure connectivity.
• Understanding of endpoint security, EDR/XDR, device compliance, and secure workstation/server configurations.
• Knowledge of data protection concepts such as encryption, DLP, classification, tokenization, secrets management, and key management.
• Ability to assess security risks and provide practical mitigation recommendations.
• Strong communication skills with the ability to explain technical risks to both technical and non-technical stakeholders.
• Ability to work independently, prioritize effectively, and manage multiple initiatives in parallel.
  
  

• Experience in a global enterprise or SaaS company.
• Experience with Zero Trust architecture and implementation.
• Experience with security architecture for AI tools, LLMs, automation agents, or MCP-like integrations.
• Familiarity with DevSecOps practices, CI/CD pipeline security, container security, Kubernetes, and infrastructure-as-code.
• Experience with security frameworks such as NIST CSF, ISO 27001, CIS Controls, MITRE ATT&CK, SOC 2, or CSA CCM.
• Experience with vendor security assessments and third-party risk reviews.
• Familiarity with Microsoft security ecosystem, Okta, CrowdStrike, Wiz, Palo Alto, Sentinel, or similar platforms.
• Relevant certifications such as CISSP, CCSP, CISM, or equivalent.