Job Description
We are seeking a Principal Engineer to take charge of Security and Cloud Engineering responsibilities for an enterprise Java product with On-Prem and SaaS deployments. In this role, you will be responsible for implementing secure SDLC practices, DevSecOps automation, container security, and platform hardening. Your primary focus will be collaborating with engineering, DevOps, QA, and compliance teams to safeguard the product and infrastructure against vulnerabilities and to ensure adherence to compliance standards.

Your key responsibilities will include:
- Application & Infrastructure Security: Leading secure coding practices and integrating SAST, DAST, penetration testing, and vulnerability scanning into the development lifecycle. You will analyze and address findings from tools such as SpotBugs, Polaris Synopsys, Acunetix, and custom security assessments.
- Threat Modeling & Risk Mitigation: Conducting threat modeling, evaluating security risks such as SQL injection, XSS, CSRF, and privilege escalation, and guiding teams on secure implementation patterns.
- Cloud & Container Security: Hardening Docker, Kubernetes, and SaaS infrastructure for secure-by-design deployments, and implementing policies for image scanning, secrets management, network segmentation, and runtime security.
- Security Automation & DevSecOps: Automating security checks in CI/CD pipelines using tools like GitLab CI, Jenkins, and SonarQube, and promoting Infrastructure as Code (IaC) security.
- Governance & Compliance: Defining and enforcing security standards in alignment with OWASP, CIS Benchmarks, and industry best practices, and supporting security audits and compliance requirements.
- Mentoring & Collaboration: Mentoring engineers on secure design, coding, and deployment practices, and collaborating with product owners and engineering managers to drive secure feature development.
To qualify for this role, you should possess:
- 12+ years of experience in application security, DevSecOps, or cloud security within enterprise Java environments.
- Strong knowledge of penetration testing, static/dynamic analysis, and tools like SpotBugs, Polaris, Acunetix, and OWASP ZAP.
- Expertise in secure coding, vulnerability assessment, and remediation of common issues like SQL injection, XSS, and insecure deserialization.
- Hands-on experience with Docker, Kubernetes, Helm, and cloud-native security tooling.
- Familiarity with SaaS security concerns, such as multi-tenancy, access isolation, data encryption, and secure APIs.
- Experience integrating security into CI/CD pipelines and using GitOps principles.

Preferred qualifications include certifications like OSCP, CEH, CISSP, or CKS, prior experience with security automation, and knowledge of threat modeling frameworks and secure architecture principles.

In return, we offer you the opportunity to influence product direction and architecture in a collaborative and learning-focused environment with access to modern tools and Gen AI platforms. You can expect a competitive salary, performance bonus, health insurance, and a hybrid work model.

Join us at Quest, where we help companies manage and secure their business with innovative technology solutions. Visit Quest Careers | Where next meets now for more information and to explore opportunities to grow your career with us.