Security Architect

We’ve learned that scammers are impersonating Commvault team members—including HR and leadership—via email or text. These bad actors may conduct fake interviews and ask for personal information, such as your social security number.  

• Commvault does not conduct interviews by email or text.
• We will never ask you to submit sensitive documents (including banking information, SSN, etc) before your first day.

If you suspect a recruiting scam, please contact us at wwrecruitingteam@commvault.com 

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. The company’s unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data. 

Security Architect 

The Opportunity 

As a Security Architect at Commvault, you will help secure the design and deployment of third-party and internal solutions across our internal environment and platforms. This role is hands-on and forward-looking, centered on identifying and mitigating security risks while enabling innovation at scale. 

As a member of the Security Architecture team you will partner closely with Enterprise Architecture, Security Engineering, and Cloud Security teams to conduct security reviews, define enterprise standards, and recommend improvements for new applications, solutions, and the overall Commvault enterprise environment. 

What You’ll Do 

• Identify and assess security risks across applications, networks, cloud architectures, identity platforms, and supporting infrastructure. 

• Evaluate third‑party platforms, SaaS applications, and integrations for security and compliance risks. 

• Collaborate with GRC, IT, and Eng teams to define, document, and implement enterprise security standards to meet regulatory, contractual, and internal governance requirements 

• Provide architectural guidance on secure network segmentation, zero trust design patterns, data protection mechanisms, access control models, and secure system configuration. 

• Establish and perform security design reviews and threat modeling for new or updated systems, applications, and integrations. 

• Assess cloud-native deployments and cloud architectures (AWS, Azure, GCP) to ensure alignment with security best practices and organizational standards. 

• Monitor emerging threats, vulnerabilities, and security technologies and translate them into actionable architecture improvements. 

Who You Are 

• 5+ years of experience in information security, product security, or security engineering roles 

• Strong ability to communicate and collaborate with both technical stakeholders and leadership across engineering, product, IT, and legal teams 

• Strong, structured writing ability needed to conduct security reviews  

• Working knowledge of common security frameworks (ISO, NIST, PCI-DSS, CIS, MITRE Attack Framework) and ability to apply these principles in practice 

• Strong understanding of: 

• Application security fundamentals, secure SDLC, and common application threat vectors 

• Network security standards and architectures, including firewalling, segmentation, VPNs, zero trust, IDS/IPS, web filtering, and encryption 

• IAM standards, including SSO, MFA, OAuth 2.0, OIDC, SAML, RBAC/ABAC, and privileged access patterns 

• Active Directory, Entra ID (Azure AD), directory services, identity federation, conditional access, and authentication hardening 

• Server configuration and hardening for both Linux and Windows systems 

• Securing hybrid cloud architecture and cloud-native services 

• Knowledge of modern threat modeling and risk assessment techniques. 

• Comfortable collaborating with engineering, data science, and product teams. 

• Able to translate complex technical security risks into practical guidance. 

Nice to Have 

• Knowledge of data protection, privacy, and governance principles. 

• Experience with cloud-native security tools and platforms. 

• Security and/or cloud certifications (CISSP, CCSP, GWAPT, AWS SAA, AZ-500, GCP Cloud Security Engineer) 

• Knowledge of email security practices (secure email gateways, anti‑phishing controls, DMARC/DKIM/SPF enforcement, malware scanning) 

• Hands-on experience implementing and/or operating security solutions including: 

• Firewall managers (CISCO Umbrella, Palo Altos) 

• EDR (Crowdstrike, SentinelOne, Windows Defender) 

• CSPM/CNAPP/CWPP (Wiz.io, Prisma Cloud, Orca, Crowdstrike Falcon, etc) 

• IGA/PAM (Sailpoint, Okta, Ping, CyberArk, BeyondTrust) 

• SIEM/SOAR (Splunk, Crowdstrike NG SIEM, MSFT Sentinel) 

• WAF (Imperva, Akamai, Cloud Native WAF solutions) 

• DLP (Forcepoint, Proofpoint, Symantec) 

• Email Security (Proofpoint, Trellix) 

• Experience in automating security architecture review processes