Senior Secure Platform Specialist

Apply now »

Date: Nov 18, 2025

Location: Saudi Arabia

Company: King Abdullah University of Science & Technology

Job Purpose

We are seeking a Senior Secure Platform Specialist to lead the design, security, lifecycle management, and automation of our secure landing zone infrastructure, built on VMware vSphere, VMware Aria, Linux, Windows,  Omnissa Horizon (VDI), and CyberArk. This hybrid role combines infrastructure expertise, security engineering, compliance alignment, and cross-functional collaboration, serving as the trusted authority for secure platform operations.

The ideal candidate brings deep technical expertise and strategic thinking, with full accountability across the infrastructure lifecycle, compliance (e.g., NIST 800-53), and governance. You’ll work closely with InfoSec, HPC teams, IT, DevOps, and the Export Compliance Office to ensure that both the platform and its workloads meet evolving operational, legal, and regulatory standards.

 

 

Major Accountabilities

Own the full lifecycle (design, deploy, operate, optimize, and decommission) of critical infrastructure platforms

 vSphere & Aria Secure Landing Zone

  • Architect and administer secure vSphere clusters and Aria Operations/Automation instances
  • Configure distributed resource scheduling, security hardening, workload segmentation, and capacity planning
  • Monitor with Aria Ops for compliance, performance, and availability
  • Lead host patching, firmware updates, and decommissioning processes for end-of-life infrastructure

CyberArk Privileged Access Management

  • Architect and manage the CyberArk Core Vault, DR Vault, PVWA, CPM, and PSM
  • Onboard and govern privileged accounts and credential lifecycles (human and non-human)
  • Enforce session isolation, recording, and vaulting policies
  • Integrate CyberArk with IdPs, SIEMs, and ITSM systems
  • Oversee upgrades, platform health, and safe retirement

Omnissa Horizon (VDI)

  • Design and maintain VDI infrastructure (Connection Servers, Unified Access Gateways, Load Balancing)
  • Configure user pools, Smart Policies, MFA, and security controls for sensitive access
  • Manage golden image lifecycle, patching, and pool recomposition
  • Monitor performance, login behavior, and entitlement drift
  • Retire unused pools and infrastructure with compliance traceability

Security & Compliance Management

  • Own enforcement and alignment of NIST 800-53 controls within infrastructure
  • Maintain audit readiness: documentation, POAMs, evidence collection, control mapping
  • Continuously assess platform configurations for compliance drift and automate remediation
  • Implement export boundary enforcement in coordination with Export Compliance Officer

DevSecOps Enablement & Automation

  • Implement Infrastructure-as-Code and automated workflows for provisioning, security patching, and audit evidence generation
  • Use tools like Terraform, Ansible, PowerShell, or Python to reduce manual effort and enforce consistency
  • Integrate Aria, CyberArk, and VDI infrastructure into CI/CD and DevOps pipelines to secure deployments
  • Develop reusable templates, runbooks, and guardrails for internal developers and IT engineers

Cross-Functional Collaboration

Act as the central point of coordination for platform-level security and lifecycle operations:

  • Information Security/GRC: align with security policies, audits, and compliance attestation
  • IT Operations: coordinate upgrades, maintenance, and incident response
  • HPC and Scientific Computing Teams: ensure secure enablement of high-performance, regulated workloads
  • Export Compliance Officer: validate regional data boundaries, export-controlled operations, and workload placement
  • Enterprise Architects: support secure platform modernization and alignment with cloud transformation initiatives

 

Person Requirements

Competencies

· Strategic Infrastructure Leadership
Lead platform lifecycle planning, modernization, and long-term roadmap execution.

·  Security Architecture & Enforcement
Apply Zero Trust principles, privileged access management, and secure workload segmentation across virtualized environments.

·  Compliance Execution & Audit Readiness
Manage compliance alignment with NIST 800-53, export controls, and licensing conditions; own POAM resolution and control documentation.

·  Infrastructure Automation Expertise
Deliver scalable, consistent infrastructure through Infrastructure-as-Code and automated remediation pipelines.

·  Cross-Functional Communication & Influence
Bridge the gap between engineering, InfoSec, compliance, and operations teams; translate technical decisions into risk and policy terms.

·  Lifecycle Ownership Accountability
Fully own the planning, deployment, operations, optimization, and decommissioning of platform infrastructure components.

·  Risk-Driven Decision Making
Prioritize security, compliance, and performance trade-offs based on business risk and operational impact.

 

Qualifications
  • Bachelor’s or Master’s in Cybersecurity, Computer Science, or a related
  • Preferred Certifications:
  • CISSP, CISM, or GCCC
  • VMware VCAP/VCIX, Horizon Specialist
  • Linux, Windows OS
  • CyberArk Defender  
  • ITIL v4, TOGAF, or enterprise architecture frameworks

 

Experience

·  8–12+ years of experience in infrastructure, security engineering, or platform operations

·  Demonstrated expertise with:

  • VMware vSphere, Aria Operations/Automation
  • Omnissa Horizon (VMware Horizon)
  • CyberArk (PAM Suite, Core Vault, PSM, CPM)
  • Linux & Windows Server administration
  • Automation tools: Ansible, Terraform, PowerCLI, Python, CI/CD Pipelines, IaC
  • Monitoring and logging platforms (Aria Ops for Logs, Splunk, ELK)

·  Knowledge of:

  • NIST 800-53rev5 security controls and tailoring process
  • Export compliance regimes and license-bound workload constraints