Senior Security Architect jobs in United States

RoonCyber · 1 day ago

Senior Security Architect

RoonCyber is a company focused on building a next-generation Cloud Application Detection & Response (CADR) and Runtime CNAPP platform. They are seeking a Senior Security Architect to own and architect the security intelligence layer of their platform, focusing on risk modeling, event correlation, and attack path reasoning.

Computer & Network Security

Responsibilities

Own and evolve our PASTA-based risk model across cloud inventory, runtime behavior, and security events
Architect probabilistic and contextual risk scoring across: Assets (workloads, identities, data, services), Vulnerabilities (static + runtime), Misconfigurations, Active exploit signals
Map business impact × exploitability × exposure × runtime evidence
Define risk normalization across cloud providers, platforms, and environments
Ensure risk outputs are explainable and defensible to SOC, engineering, and leadership
Design and own the event correlation architecture across: Runtime sensors (eBPF, language-level hooks), CNAPP sources (CSPM, CWPP, CIEM, DSPM), Cloud-native telemetry (CloudTrail, VPC Flow Logs, audit logs), External intel and enrichment (TI feeds, CVE metadata, exploit availability)
Define correlation primitives (time, identity, workload, process, network, code path)
Design incident aggregation logic (single-event → multi-stage incidents)
Eliminate alert duplication while preserving forensic fidelity
Drive incident confidence scoring and prioritization
Architect attack-path analysis that reflects how attackers actually move, not theoretical graphs
Design attack path modeling across: IAM role chains & privilege escalation, Network reachability & lateral movement, Service-to-service trust relationships, Runtime process ancestry and execution chains
Define traversal depth limits, confidence scoring, and path explosion controls
Enable “how did this happen” and “what could be next” reasoning for SOC and IR teams
Translate attack paths into clear responder guidance
Architect solution workflows that support real SOC and engineering outcomes, including: Incident response & containment, Vulnerability prioritization (runtime-aware), Misconfiguration remediation, Sensitive data exposure analysis, IAM over-permissioning and abuse detection
Define workflow states, ownership transitions, and automation hooks
Balance SOC speed with developer usability
Ensure workflows align with how security teams actually operate
Contribute directly to detection design and classification strategy
Help define detection logic across: Runtime syscall and behavior signals, Application-layer exploits, Abuse-of-legitimate-features patterns
Map detections to MITRE ATT&CK (tactics, techniques, sub-techniques)
Influence governance frameworks and policy enforcement models
Ensure detections are high-signal, explainable, and resilient to evasion

Qualifications

Cloud platforms (AWS/Azure/GCP)
Detection & response platforms
Attack path analysis
Kubernetes
Containerized workloads
Programming in Rust/Go/C/C++
eBPF concepts
SIEM/XDR/CNAPP systems
Incident response experience
Soft skills

Required

Strong background in red team, offensive security, or adversary simulation
Deep understanding of cloud platforms (AWS/Azure/GCP)
Deep understanding of Kubernetes and containerized workloads
Deep understanding of IAM systems and privilege models
Experience designing or operating detection & response platforms
Experience designing or operating SIEM/XDR/CNAPP systems
Experience designing or operating attack path or blast radius analysis
Practical coding experience in one or more: Rust, Go, C, C++
Familiarity with eBPF concepts and kernel-level telemetry
Familiarity with runtime instrumentation and syscall tracing
Familiarity with event pipelines and distributed systems

Preferred

Prior experience at a CNAPP, EDR, XDR, or cloud security startup
Hands-on SOC or incident response experience
Published research, tooling, or conference talks
Experience designing detection pipelines at scale
Familiarity with risk quantification models beyond CVSS

Benefits

Competitive compensation + equity

Company

RoonCyber

RoonCyber delivers complete, unified cloud security with Runtime CNAPP combined with Cloud Application Detection and Response (CADR).

Funding

Current Stage
Early Stage
Company data provided by crunchbase