
Associate Principal Engineer, Cloud Security
Posted May 23

This is a fully remote position, open to applicants in Sri Lanka.
• Design and uphold enterprise-level security architecture, reference models, and security frameworks.
• Execute threat modeling (utilizing methodologies like STRIDE, DREAD, LINDDUN, or others) for applications, APIs, and infrastructure.
• Analyze both high-level and low-level solution designs for security vulnerabilities and suggest mitigations.
• Establish secure coding standards and support development teams in implementing secure practices related to Cryptography & Hardware Security Module (HSM).
• Oversee the management and operation of HSMs (such as Thales, nCipher, Azure Key Vault Managed HSM, AWS CloudHSM, etc.).
• Supervise lifecycle operations, including key generation, rotation, storage, distribution, and decommissioning.
• Implement and uphold cryptographic standards (AES 256, RSA 2048/4096, ECC, TLS 1.2/1.3, etc.).
• Integrate HSMs within application workflows and enterprise systems for Compliance & Security Validation.
• Assess third-party and internal software integrations for compliance with standards (ISO 27001, PCI DSS, SOC 2, local regulatory standards).
• Conduct architectural risk assessments and manage the secure onboarding of vendors and SaaS platforms.
• Ensure that solutions are aligned with Zero Trust principles and enterprise security policies related to Cloud & Infrastructure Security.
• Design secure solutions in cloud environments (Azure, AWS, GCP).
• Define strategies for IAM, network segmentation, encryption, and logging.
• Evaluate and enhance the security of containers and Kubernetes.
• Participate in incident response planning and root cause analysis.
• Maintain security documentation, roadmaps, and architectural standards.
• Collaborate effectively with DevOps, development, networking, and governance teams.
• 7 - 12 years of comprehensive experience in cybersecurity, information security, or related fields.
• 3 - 5 years of direct experience in security architecture or security engineering roles.
• Practical experience with enterprise security tools, cloud security configurations, and security frameworks.
• Familiarity with regulated or compliance-driven environments (e.g., PCI DSS, ISO 27001, GDPR, KSA regulatory requirements).
• Bachelor's or Master's degree in Computer Science, Cyber Security, Information Systems, or a related discipline (or equivalent practical experience).
• Understanding of security architecture frameworks (SABSA, TOGAF, NIST CSF, NIST 800-53).
• Expertise in threat modeling and secure design methodologies.
• Hands-on experience with HSMs, cryptography, and key management systems.
• Profound knowledge of IAM, network security, cloud security, and API security.
• Experience with secure SDLC and DevSecOps practices.
• Familiarity with SIEM, SOAR, endpoint security, and vulnerability management tools.
• Capability to evaluate software for regulatory compliance and perform risk assessments.
• Excellent documentation and communication skills.
• Employees have the option to work remotely.