Cybersecurity Architect - Threat and Vulnerability Management

Job Description

Who We Are
Creative Artists Agency (CAA) is the leading entertainment and sports agency, with global expertise in filmed and live entertainment, digital media, publishing, sponsorship sales and endorsements, media finance, consumer investing, fashion, trademark licensing, and philanthropy. Distinguished by its culture of collaboration and exceptional client service, CAA's diverse workforce identifies, innovates, and amplifies opportunities for the people and organizations that shape culture and inspire the world. The trailblazer of the agency business, CAA was the first to build a sports business, create an investment bank, launch a venture fund, found technology start-up companies, establish a philanthropic arm, build a business in China, and form a brand marketing services division, among other innovations. Named Most Valuable Sports Agency by Forbes for eight consecutive years, CAA represents more than 2,000 of the world's top athletes in football, baseball, basketball, hockey, soccer, in addition to coaches, on-air broadcasters, and sports personalities and works in the areas of broadcast rights, corporate marketing initiatives, social impact, and sports properties for sales and sponsorship opportunities. Founded in 1975, CAA is headquartered in Los Angeles, and has offices in New York, Nashville, Memphis, Chicago, Miami, London, Munich, Geneva, Stockholm, Shanghai, and Beijing, among other locations globally.


The Role

• We are seeking a strategic and hands-on Cybersecurity Architect to join our Purple Team, responsible for designing, validating, and continuously evolving enterprise security architecture in alignment with real-world adversarial threats. This role operates at the intersection of offensive and defensive security, leveraging Red Team insights and Blue Team capabilities to ensure systems are secure by design, resilient by default, and continuously tested against emerging attack techniques.
• As a key leader in our security organization, the Cybersecurity Architect will drive the development of secure design principles, reference architectures, and security standards across a modern, SaaS-enabled and cloud-first ecosystem. This includes securing complex identity flows, third-party integrations, APIs, and distributed systems while addressing the shared responsibility model inherent in SaaS platforms.
• The ideal candidate brings a deep understanding of attacker methodologies and defensive controls, applying that knowledge to proactively identify architectural weaknesses, reduce attack surface, and enhance detection and response capabilities. This individual will work closely with engineering, cloud, and product teams to embed security into the software development lifecycle, ensuring that security is not an afterthought but a foundational component of system design.
• This role requires a balance of technical depth and strategic influence, with responsibility for translating complex threats into actionable architectural improvements and guiding the organization toward Zero Trust and secure-by-design maturity. Success in this position will be measured by the organization's ability to prevent, detect, and respond to sophisticated threats, as well as by the strength and scalability of its security architecture across both enterprise and SaaS environments.

Responsibilities

• Design and evolve enterprise security architecture with a strong emphasis on secure-by-design principles, ensuring security is embedded early in system and application lifecycles
• Lead the development and adoption of secure design patterns and reference architectures, particularly for cloud-native and SaaS-based environments
• Act as a key liaison between Red Team and Blue Team, translating adversarial findings into architectural improvements, detection use cases, and resilient system designs
• Plan and execute Purple Team exercises to validate security controls across infrastructure, applications, and SaaS platforms, ensuring visibility and response capabilities are effective
• Develop and maintain threat models for critical systems, including SaaS integrations, APIs, and identity flows, identifying attack paths and prioritizing mitigations
• Define and enforce security architecture standards for SaaS adoption
• Assess and secure SaaS ecosystems, including third-party integrations, OAuth applications, and API exposure risks
• Evaluate and recommend controls for modern architectures, including Zero Trust, microservices, containers, and serverless environments
• Drive improvements in detection engineering by mapping adversary TTPs (e.g., via MITRE ATT&CK) to logging, alerting, and response capabilities
• Collaborate with cloud and platform teams to ensure secure configuration and continuous compliance across SaaS and IaaS environments
• Conduct architecture risk assessments and provide actionable remediation strategies aligned with business risk tolerance
• Promote security observability across SaaS platforms by ensuring proper logging, telemetry, and integration with SIEM/SOAR solutions
• Mentor engineers and architects on secure design principles, SaaS security risks, and adversarial thinking

Qualifications

• Bachelor's degree in Cybersecurity, Computer Science, or related experience
• 7+ years of experience in cybersecurity, with at least 2-3 years in architecture or senior engineering roles
• Hands on experience in Cyber Threat and Offensive Security operations to test and validate the effective operation of security controls, measuring the ability to stop threats and attacks at the earliest point in the kill chain
• Strong knowledge of network security, cloud security (AWS/Azure/GCP), and enterprise architectures
• Strong understanding of the fundamental operations of servers, operating systems, networks, cloud applications and infrastructure along with an advanced understanding of the key controls required for secure operation of these systems
• Experience scripting in at least one of the following languages: PowerShell, Python, JavaScript
• Experience in aligning threat and vulnerability management efforts to frameworks and control objectives - MITRE ATT&CK, NIST CSF, ISO27001, Center for Internet Security, OWASP,
• Experience integrating the following tools and capabilities into a successful threat and vulnerability program - Security Orchestration Automation and Response, Security Information and Event Management, Vulnerability Scanning, Security Threat Feeds, Red Team Tooling
• Knowledge of Zero Trust architecture and modern identity security practices

Location

This role is hybrid, based in our Nashville office.

Compensation

The annual base salary for this position is in the range of $179,000 - $205,000 in Nashville. This position is also eligible for benefits and a discretionary bonus. Ultimately, the salary may vary based upon, but not limited to, relevant experience, time in the role, business sector, and geographic location, among other criteria. Please talk with a CAA Recruiter to learn more.

Creative Artists Agency, LLC (the "Company") is committed to a policy of Equal Employment Opportunity and will not discriminate on the basis of race (inclusive of traits historically associated with race, including hair texture and protective hairstyles), color, religion, creed, gender or sex (including pregnancy, childbirth, breastfeeding or related medical conditions), national origin, ancestry, age, physical disability, mental disability, medical condition, genetic information, family and medical care leave status, military or veteran status, marital status, family status, sexual orientation, gender identity, gender expression, political affiliation, an employee's or their dependent's reproductive health decision making (e.g., the decision to use or access a particular drug, device or medical service), or any other characteristic protected by applicable law.

The absence of a permanent address is not a bar to employment. The Company does not discriminate against individuals based on housing status, including the absence of a fixed address.

The Company also complies with the Americans with Disabilities Act and applicable state and local laws with regard to providing reasonable accommodation for qualified individuals with disabilities.

CAA does not accept unsolicited resumes from third-party recruiters unless they were contractually engaged by CAA to provide candidates for a specified opening. Any such employment agency, person or entity that submits an unsolicited resume does so with the acknowledgement and agreement that CAA will have the right to hire that applicant at its discretion without any fee owed to the submitting employment agency, person or entity.