Job Description

Date:

Nov 18, 2025

Location:

Saudi Arabia

Company:

King Abdullah University of Science & Technology

Job Purpose

We are seeking a Senior

Secure Platform Specialist

to lead the

design, security, lifecycle management, and automation

of our

secure landing zone infrastructure

, built on

VMware vSphere

, VMware Aria,

Linux, Windows,

Omnissa Horizon (VDI)

,and

CyberArk

.

This hybrid role combines

infrastructure expertise, security engineering, compliance alignment

, and

cross-functional collaboration

, serving as the trusted authority for secure platform operations.



The ideal candidate brings deep technical expertise and strategic thinking, with full accountability across the

infrastructure lifecycle

,

compliance (e.g.,

NIST 800-53

), and governance. You'll work closely with InfoSec, HPC teams, IT, DevOps, and the Export Compliance Office to ensure that both the platform and its workloads meet evolving operational, legal, and regulatory standards.

Major Accountabilities

Own the full lifecycle (design, deploy, operate, optimize, and decommission) of critical infrastructure platforms

vSphere & Aria Secure Landing Zone

Architect and administer secure vSphere clusters and Aria Operations/Automation instances Configure distributed resource scheduling, security hardening, workload segmentation, and capacity planning Monitor with Aria Ops for compliance, performance, and availability Lead host patching, firmware updates, and decommissioning processes for end-of-life infrastructure

CyberArk Privileged Access Management

Architect and manage the CyberArk Core Vault, DR Vault, PVWA, CPM, and PSM Onboard and govern privileged accounts and credential lifecycles (human and non-human) Enforce session isolation, recording, and vaulting policies Integrate CyberArk with IdPs, SIEMs, and ITSM systems Oversee upgrades, platform health, and safe retirement

Omnissa Horizon (VDI)

Design and maintain VDI infrastructure (Connection Servers, Unified Access Gateways, Load Balancing) Configure user pools, Smart Policies, MFA, and security controls for sensitive access Manage golden image lifecycle, patching, and pool recomposition Monitor performance, login behavior, and entitlement drift Retire unused pools and infrastructure with compliance traceability

Security & Compliance Management

Own enforcement and alignment of

NIST 800-53

controls within infrastructure Maintain audit readiness: documentation, POAMs, evidence collection, control mapping Continuously assess platform configurations for compliance drift and automate remediation

Implement export boundary enforcement in coordination with Export Compliance Officer

DevSecOps Enablement & Automation

Implement

Infrastructure-as-Code

and automated workflows for provisioning, security patching, and audit evidence generation Use tools like Terraform, Ansible, PowerShell, or Python to reduce manual effort and enforce consistency Integrate Aria, CyberArk, and VDI infrastructure into CI/CD and DevOps pipelines to secure deployments Develop reusable templates, runbooks, and guardrails for internal developers and IT engineers

Cross-Functional Collaboration

Act as the central point of coordination for platform-level security and lifecycle operations:

Information Security/GRC:

align with security policies, audits, and compliance attestation

IT Operations:

coordinate upgrades, maintenance, and incident response

HPC and Scientific Computing Teams:

ensure secure enablement of high-performance, regulated workloads

Export Compliance Officer:

validate regional data boundaries, export-controlled operations, and workload placement

Enterprise Architects:

support secure platform modernization and alignment with cloud transformation initiatives

Person Requirements

Competencies

Strategic Infrastructure Leadership

Lead platform lifecycle planning, modernization, and long-term roadmap execution.

Security Architecture & Enforcement

Apply Zero Trust principles, privileged access management, and secure workload segmentation across virtualized environments.

Compliance Execution & Audit Readiness

Manage compliance alignment with NIST 800-53, export controls, and licensing conditions; own POAM resolution and control documentation.

Infrastructure Automation Expertise

Deliver scalable, consistent infrastructure through Infrastructure-as-Code and automated remediation pipelines.

Cross-Functional Communication & Influence

Bridge the gap between engineering, InfoSec, compliance, and operations teams; translate technical decisions into risk and policy terms.

Lifecycle Ownership Accountability

Fully own the planning, deployment, operations, optimization, and decommissioning of platform infrastructure components.

Risk-Driven Decision Making

Prioritize security, compliance, and performance trade-offs based on business risk and operational impact.


Qualifications




Bachelor's or Master's in Cybersecurity, Computer Science, or a related

Preferred Certifications:

CISSP

, CISM, or GCCC

VMware VCAP/VCIX

,

Horizon Specialist Linux, Windows OS

CyberArk Defender

ITIL v4

, TOGAF,

or enterprise architecture frameworks


Experience


8-12+ years of experience in infrastructure, security engineering, or platform operations

Demonstrated expertise with:

VMware vSphere

, Aria Operations/Automation

Omnissa Horizon (VMware Horizon)

CyberArk

(PAM Suite, Core Vault, PSM, CPM)

Linux & Windows Server

administration

Automation tools

: Ansible, Terraform, PowerCLI, Python, CI/CD Pipelines, IaC Monitoring and logging platforms (Aria Ops for Logs, Splunk, ELK)

Knowledge of:

NIST 800-53rev5

security controls and tailoring process * Export compliance regimes and license-bound workload constraints