Sr. Cybersecurity Architect

Company Overview

KLA is a global leader in diversified electronics for the semiconductor manufacturing ecosystem. Virtually every electronic device in the world is produced using our technologies. No laptop, smartphone, wearable device, voice-controlled gadget, flexible screen, VR device or smart car would have made it into your hands without us. KLA invents systems and solutions for the manufacturing of wafers and reticles, integrated circuits, packaging, printed circuit boards and flat panel displays. The innovative ideas and devices that are advancing humanity all begin with inspiration, research and development. KLA focuses more than average on innovation and we invest 15% of sales back into R&D. Our expert teams of physicists, engineers, data scientists and problem-solvers work together with the world’s leading technology providers to accelerate the delivery of tomorrow’s electronic devices. Life here is exciting and our teams thrive on tackling really hard problems. There is never a dull moment with us.

Job Description/Preferred Qualifications

The Cybersecurity group at KLA is dedicated to protecting global business operations by proactively identifying threats, securing cloud and on-prem environments, and ensuring the integrity of critical systems and intellectual property. As part of our Cyber Architecture and Engineering team, we are seeking a Senior DevSecOps Architect to lead the integration of security into the software development lifecycle (SDLC), CI/CD pipelines, cloud-native applications, AI-driven chatbot systems, and data analytics platforms like Databricks.

This role will be responsible for designing and implementing security controls across DevOps workflows, cloud environments, software applications, data platforms, and AI-driven chatbots. The ideal candidate will work closely with development, cloud, IT, data engineering, and security teams to drive a security-first culture while enabling innovation and agility.

What You Will Be Doing:

• DevSecOps Strategy & Implementation: Define and execute a DevSecOps roadmap that integrates security into CI/CD pipelines, Kubernetes, serverless applications, and AI-driven chatbot platforms

• Azure Chatbot Security: Implement secure AI and chatbot architectures in Azure, ensuring compliance with security standards, data protection, and access control.

• Databricks Security & Data Protection: Secure data lakes, ML models, and Databricks notebooks by implementing role-based access control (RBAC), encryption, and compliance monitoring

• Security Automation & Infrastructure as Code (IaC): Automate security controls using Terraform, Ansible, Bicep, and Azure Policy to enforce security in cloud-native deployments

• Azure Key Vault & Secrets Management: Design and implement secure identity and secrets management strategies, ensuring API keys, encryption keys, and credentials are properly managed.

• Digital Rights Management (DRM): Implement data protection, rights management, and access controls to ensure secure handling of intellectual property, digital assets, and sensitive data across applications and data platforms

• Cloud & Container Security: Establish best practices for securing containers, Kubernetes, microservices, and serverless functions, including runtime security and policy enforcement

• MITRE ATT&CK-Based Threat Modeling & Risk Management: Utilize MITRE ATT&CK techniques to enhance threat modeling, detection engineering, and security response strategies for applications, infrastructure, and data environments

• Zero Trust & API Security: Enforce security controls around OAuth, SAML, JWT, Zero Trust, and API gateways to secure applications, chatbot interactions, and Databricks data pipelines

• Security Monitoring & Incident Response: Leverage MITRE ATT&CK tactics to design threat hunting, detection, and response strategies using SIEM, XDR, and threat intelligence tools

• Compliance & Governance: Ensure DevSecOps implementations align with NIST, CSA, CIS, ISO 27001, and regulatory requirements (e.g., SOX, GDPR, CMMC, HIPAA)

• Collaboration & Training: Partner with development, IT, and security teams to build security awareness and advocate for secure coding, DevSecOps best practices, AI security, and data security

Desired Qualifications:

• Security certifications (CISSP, CSSLP, CCSP, CKS, OSCP, GCSA, or similar)

• Hands-on experience with CI/CD tools (Azure DevOps, GitHub Actions, GitLab CI/CD, Jenkins, ArgoCD, etc.)

• Expertise in Azure Security Services, including Azure Key Vault, Azure Sentinel, Defender for Cloud, and Security Center

• Experience securing AI-driven chatbot platforms (Azure Bot Service, OpenAI GPT, or similar)

• Strong knowledge of cloud security (Azure, AWS) and container security (Kubernetes, Istio, Docker)

• Experience securing Databricks workloads, data lakes, ML pipelines, and Spark environments

• Familiarity with Digital Rights Management (DRM) strategies for protecting sensitive assets

• Strong experience leveraging MITRE ATT&CK for threat modeling, detection engineering, and adversary simulation

• Experience implementing SAST, DAST, SCA, and RASP security solutions in DevOps workflows

• Familiarity with SOAR, SIEM, XDR, and threat intelligence tools

• Experience working with API security, OAuth2, JWT, SAML, and microservices security

• Strong understanding of secure coding principles, threat modeling, and OWASP Top 10

• Excellent communication skills to influence development teams, data engineering teams, and executive leadership

Minimum Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, Software Engineering, or equivalent experience in a related field

• Minimum five (5) years of experience in DevSecOps, cloud security, or cybersecurity architecture

• Hands-on expertise in securing cloud-based AI/chatbot solutions, data platforms (Databricks), CI/CD workflows, and software development

• Strong background in cloud security, automation, and compliance

• Ability to design scalable and secure application architectures

• Passion for fostering a security-first DevOps culture

Base Pay Range: $108,900.00 - $185,100.00 Annually

Primary Location: USA-CA-Milpitas-KLA

KLA’s total rewards package for employees may also include participation in performance incentive programs and eligibility for additional benefits including but not limited to: medical, dental, vision, life, and other voluntary benefits, 401(K) including company matching, employee stock purchase program (ESPP), student debt assistance, tuition reimbursement program, development and career growth opportunities and programs, financial planning benefits, wellness benefits including an employee assistance program (EAP), paid time off and paid company holidays, and family care and bonding leave.

Interns are eligible for some of the benefits listed. Our pay ranges are determined by role, level, and location. The range displayed reflects the pay for this position in the primary location identified in this posting. Actual pay depends on several factors, including state minimum pay wage rates, location, job-related skills, experience, and relevant education level or training. We are committed to complying with all applicable federal and state minimum wage requirements where applicable. If applicable, your recruiter can share more about the specific pay range for your preferred location during the hiring process.

KLA is proud to be an Equal Opportunity Employer. We will ensure that qualified individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us at talent.acquisition@kla.com or at +1-408-352-2808 to request accommodation.

Be aware of potentially fraudulent job postings or suspicious recruiting activity by persons that are currently posing as KLA employees.  KLA never asks for any financial compensation to be considered for an interview, to become an employee, or for equipment. Further, KLA does not work with any recruiters or third parties who charge such fees either directly or on behalf of KLA. Please ensure that you have searched KLA’s Careers website for legitimate job postings.  KLA follows a recruiting process that involves multiple interviews in person or on video conferencing with our hiring managers.  If you are concerned that a communication, an interview, an offer of employment, or that an employee is not legitimate, please send an email to talent.acquisition@kla.com to confirm the person you are communicating with is an employee. We take your privacy very seriously and confidentially handle your information.