Posted on: 05/11/2025
Description:
As a Principal Security Engineer, you will be the ultimate owner of our application and cloud security posture.
You will drive the implementation of security-by-design principles across all engineering teams, performing code reviews, architecture assessments, and leading incident response for critical vulnerabilities.
This is a high-impact role requiring deep technical expertise and strong leadership.
Key Responsibilities:
- Application Security: Lead SAST/DAST (Static/Dynamic Application Security Testing) efforts, penetration testing coordination, and secure code review processes for all major applications.
- Cloud Security Posture: Define and enforce security configurations, policies, and best practices within our multi-cloud environment (AWS/Azure).
- Threat Modeling: Conduct comprehensive threat modeling for new features and system architectures to identify and mitigate risks early in the SDLC.
- Vulnerability Management: Manage the vulnerability remediation lifecycle, prioritize fixes, and track compliance across engineering teams.
- Security Automation: Build and implement automated security gates into the CI/CD pipeline (DevSecOps).
Required Skills:
- Deep knowledge of common web application vulnerabilities (OWASP Top 10).
- Extensive experience with cloud security tools and services (e.g., AWS Security Hub, Azure Security Center).
- Familiarity with compliance standards like PCI-DSS, SOC 2, or ISO 27001.
- Proficiency in at least one scripting language (Python/Go).
- Certifications such as OSCP, CISSP, or CCSK are highly desirable.
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1570333