Cybersecurity Architect

The Cybersecurity Architect is a hands-on role responsible for evaluating, designing, and implementing security and compliance controls. This position plays a critical role in protecting Cornerstone OnDemand (CSOD) from internal and external threats through architecture reviews and ongoing assessments to identify, interpret, and remediate vulnerabilities across our cloud environments. You will lead the design and implementation of security and compliance controls across our AI/ML and cloud ecosystems, partnering closely with engineering, data science, and platform teams to embed security-by-design principles.

Hybrid in Santa Monica or Dublin, CA office

In this role you will...

• Design and implement controls for model training, fine-tuning, RAG workflows, agent/tool execution, and model serving on AWS (Bedrock, SageMaker, EKS) and GCP (Vertex AI, GKE).
• Establish LLM guardrails: prompt input/output filtering, content policy enforcement, tool permissioning, sensitive data protection, and output safety evaluation.
• Design and develop, cloud security solutions in AWS and GCP environments and drive automation to secure critical and sensitive data, services, applications, and infrastructure across our fast-growing organization.
• Drive threat modeling and secure coding practices; conduct secure code reviews and coach teams on remediation.
• Strengthen API and browser security: input validation, output encoding, CSRF/CORS, rate limiting, abuse prevention, and robust authZ models.
• Participate in architecture and design reviews with development/DevOps staff to incorporate effective security standards into design
• Provides guidance on data analysis and reporting, including the use of complex analysis or machine learning. Integrates and builds upon existing automation, security operations, and monitoring systems.
• Stay abreast of security development practices, including the research of current and evolving trends
• Must be able to perform hands-on support for a wide range of security technologies including, but not limited to: Pipeline security, DevSecOps, CloudFormation templates, Docker, Kubernetes, SIEM, IPS, Vulnerability Scanners

• Bachelor's degree in an Information Technology-related field of study or equivalent
• 7+ years of experience in system, network, cloud security and risk management.
• 2+ years securing AI/ML or LLM systems (training, fine-tuning, inference, or RAG) in production.
• Strong knowledge of networking concepts, protocols (TCP/IP, HTTP, DNS, TLS) and technologies including firewalls, TLS, IDS/IPS system, cryptographic systems, identity management systems, RADIUS, etc
• Experience working in multiple security domains such as cloud security, platform hardening, vulnerability management, web application and browser security, penetration testing, applied cryptography, network protocols and secure network design

• Good experience with a wide range of AWS or GCP tools and deep practical experience with AWS and Google Cloud.

• Programming and automation: strong Python; working knowledge of Node.js; scripting and automation for pipelines and controls.

• Good experience with a wide range of AWS tools and deep practical experience with AWS and Google Cloud.
• Experience implementing security practices in a CI/CD environment

• Ability to translate risk into actionable engineering work; excellent documentation and communication.
• Excellent at multitasking, and open to constant learning