hirist

Emeritus - Principal Security Engineer - DevSecOps

Eruditus
Multiple Locations
10 - 12 Years

Posted on: 17/01/2026

Job Description


Role Overview :

We are looking for a Principal Security Engineer to lead and elevate our application, cloud, and operational security posture in a fast-paced engineering environment.


This role requires deep hands-on expertise across Application Security, Cloud Security, DevSecOps, and SecOps, along with the ability to influence engineering teams and embed security into the software development lifecycle.

The ideal candidate is highly technical, proactive, and comfortable operating in startup or high-growth environments.

Key Responsibilities :

- Perform application security reviews, threat modeling, and secure code assessments.

- Drive adoption of secure coding practices and secure SDLC across engineering teams.

- Identify, prioritize, and track remediation of vulnerabilities in collaboration with developers.

- Design, implement, and maintain DevSecOps pipelines, embedding security checks into CI/CD workflows.

- Integrate and manage security tooling such as SAST, DAST, container scanning, and IaC security.

- Automate security controls and reduce friction in developer workflows.

- Configure and monitor cloud security controls, including :

1. Identity & Access Management (IAM)

2. Network security and segmentation

3. Logging, monitoring, and compliance controls

- Ensure security best practices across cloud environments and containerized workloads.

- Conduct vulnerability assessments, penetration testing, and security reviews.

- Own bug bounty program triage, validation, prioritization, and remediation workflows.

- Track security risks and ensure timely mitigation.

- Lead and contribute to incident detection, response, investigation, and remediation.

- Improve monitoring, alerting, and response playbooks.

- Partner with engineering and operations teams to reduce mean time to detect (MTTD) and respond (MTTR).

- Work closely with engineering teams to strengthen overall security posture.

- Share security best practices and conduct security awareness sessions and developer training.

- Act as a trusted security advisor across the organization.

Required Skills & Experience :

- 10+ years of hands-on experience across Application Security, Cloud Security, DevSecOps, and SecOps.

- Proven experience working in startup or fast-growing engineering environments.

- Strong ownership mindset with the ability to operate independently.

- Deep understanding of :

1. OWASP Top 10

2. MITRE ATT&CK

3. Threat modeling methodologies

4. Secure SDLC principles

- Experience with bug bounty programs, vulnerability disclosure, or penetration testing.

- Hands-on experience with security tooling, including :

1. SAST / DAST

2. SIEM / XDR

3. Container security tools

4. Infrastructure-as-Code (IaC) scanning tools

- Familiarity with modern CI/CD pipelines and cloud-native environments.

- Strong verbal and written communication skills.

- Ability to collaborate effectively with engineers, platform teams, and business stakeholders.

- Capable of clearly explaining security risks, trade-offs, and remediation strategies.

