Principal Security Engineer

Do you thrive in high-pressure environments safeguarding critical systems? Are you passionate about staying ahead of the ever-evolving cyber threat landscape? If so, we want you on our team! We are seeking a seasoned Principal Security Engineer to join our growing security team. As a senior-level cybersecurity professional, you will play a pivotal role in designing, implementing, and managing our organization's security posture. You will be a trusted advisor to leadership, providing strategic direction and ensuring our security solutions align with industry best practices and compliance requirements.

Reporting directly to the CISO, this position offers executive-level exposure and cross-departmental experience. The individual will have the opportunity to make impactful contributions as they manage mission-critical initiatives and projects. The position will involve direct interaction with the executive team and corporate partners.

Architect Secure Solutions: Design, implement, and maintain a comprehensive security architecture that safeguards our critical infrastructure, data, and applications.
Design, implement, and maintain robust security controls and countermeasures across our IT and Product Cloud infrastructure.
Collaborate with Product, Engineering, and other departments to integrate security best practices into business processes.
Lead Threat Defense: Champion proactive security measures.
Mentor a team of SecOps engineers, providing guidance and support in implementing security best practices.
Develop and implement security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
Collaborate with development, operations, and security teams to integrate security into the software development lifecycle (SDLC) and CI/CD pipeline.
Conduct security assessments, code reviews, and penetration testing to identify and mitigate vulnerabilities.
Design and implement security controls for infrastructure as code (IaC), cloud environments, and containerized applications.
Automate security testing and compliance checks using scripting and configuration management tools.
Monitor and analyze security events and incidents, leading incident response efforts to minimize impact and prevent recurrence.
Stay informed about emerging security threats, vulnerabilities, and industry trends, providing guidance on mitigation strategies.
Partner with senior leadership to prioritize security initiatives and allocate resources effectively.
Design and Implement automated monitoring and logging across the development and deployment pipeline to detect security incidents in real-time.
Utilize security tools to monitor for suspicious activities and indicators of compromise.
Integrate security alerts and notifications into the CI/CD pipeline to facilitate rapid detection and response.
Upon detection of a security incident, initiate a thorough investigation to assess the scope and impact of the incident.
Analyze logs, network traffic, and system configurations to identify the root cause of the incident and determine the extent of any compromise.
Collaborate with development, operations, and security teams to gather relevant information and context for incident analysis.
Compliance Champion: Ensure adherence to industry regulations and security compliance frameworks (e.g., PCI DSS, HIPAA, SOC 2).
Security Advocacy & Awareness: Champion a culture of security awareness within the organization, developing and implementing security training programs for employees.

Minimum 10 years of experience in information security with a proven track record of success in a similar role.
In-depth knowledge of security principles, technologies, and methodologies (e.g., firewalls, intrusion detection/prevention systems, encryption, IAM).
In-depth understanding of DevOps principles, methodologies, and tools.
Hands-on experience with cloud platforms (e.g., AWS, Azure, GCP), containerization technologies (e.g., Docker, Kubernetes), and infrastructure as code (IaC) tools.
Proficiency in scripting languages such as Python, PowerShell, or Bash.
Familiarity with compliance standards such as PCI DSS, SOC II, and ISO27001.
Excellent communication, collaboration, and problem-solving skills.
Knowledge of secure software development frameworks (e.g., OWASP).
Experience implementing security in Agile and DevOps environments.