Principal Security Engineer

Company Description

Responsibilities

• Design and implement security measures for website and API applications.
• Conduct security-first code reviews, vulnerability assessments, and posture audits for business-critical applications.
• Conduct security testing activities like SAST & DAST by integrating them within the project’s CI/CD pipelines and development workflows.
• Manage all penetration testing activities including working with external vendors for security certification of business-critical applications.
• Develop and manage data protection policies and RBAC controls for sensitive organizational data like PII, revenue, secrets, etc.
• Oversee encryption, key management, and secure data storage solutions.
• Monitor threats and responds to incidents involving application and data breaches.
• Collaborate with engineering, data, product and compliance teams to achieve security-by-design principles.
• Ensure compliance with regulatory standards (GDPR, HIPAA, etc.) and internal organizational policies.
• Automate recurrent security tasks using scripts and security tools.
• Maintain documentation around data flows, application architectures, and security controls.
  

Requirements

• 10+ years’ experience in application security and/or data security engineering.
• Strong understanding of security concepts including zero trust architecture, threat modeling, security frameworks (like SOC 2, ISO 27001), and best practices in corporate security environments.
• Strong knowledge of modern web/mobile application architectures and common vulnerabilities (like OWASP Top 10, etc.)
• Proficiency in secure coding practices and code reviews for major programming languages including Java, .NET, Python, JavaScript, Typescript, React, etc.
• Hands-on experience in at-least two Software tooling in areas of vulnerability scanning and static/dynamic analysis. Software tooling can include Checkmarx, Veracode, SonarQube, Burp Suite, AppScan, etc.
• Advanced understanding of data encryption, key management, and secure storage (SQL, NoSQL, Cloud) and secure transfer mechanisms.
• Working experience in Cloud Environments like AWS & GCP and familiarity with the recommended security best practices.
• Familiarity with regulatory frameworks such as GDPR, HIPAA, PCI DSS and the controls needed to implement them.
• Experience integrating security into DevOps/CI/CD processes.
• Hands-on Experience with automation in any of the scripting languages (Python, Bash, etc.)
• Ability to conduct incident response and forensic investigations related to application/data breaches.
• Excellent communication and documentation skills.
  

Good To have :

• Cloud Security certifications in either one of the below
• AWS Certified Security – Specialty
• GCP Professional Cloud Security
• Experience with container security (Docker, Kubernetes) and cloud security tools (AWS, Azure, GCP).
• Experience in safeguard data storage solutions like GCP GCS, BigQuery, etc.
• Hands-on work with any SIEM/SOC platforms for monitoring and alerting.
• Knowledge of data loss prevention (DLP) solutions and IAM (identity and access management) systems.
  

Perks

• Day off on the 3rd Friday of every month (one long weekend each month)
• Monthly Wellness Reimbursement Program to promote health well-being
• Monthly Office Commutation Reimbursement Program
• Paid paternity and maternity leaves
  

Qualifications

• Bachelor’s or Master’s degree in Computer Science, Engineering, or a related field.