WHAT YOU WILL BE DOING

Key Responsibilities

Security Architecture & Strategy

Define, assess, and evolve the cloud security architecture and strategy across AWS, Azure, and GCP environments.

Lead and participate in cloud security architecture reviews, threat modeling sessions, and design assessments aligned to industry best practices.

Act as a subject-matter expert in CNAPP, CWPP, and CSPM technologies and cloud security risk frameworks.

Participate in Certification

Application & Cloud Security Engineering

Identify, analyze, and remediate cloud and application security issues on a day-to-day basis.

Analyze and remediate CSPM and CWPP findings, including identity risks, network exposure, vulnerabilities, and compliance gaps.

Work hands-on with development teams to design secure systems and implement fixes for security vulnerabilities.

Provide expert guidance on OWASP Top 10 vulnerabilities and lead remediation efforts across applications.

Identity & Access Security

Design and implement secure authentication and authorization solutions.

As an Identity security company, Strong knowledge of Identity security principals and security processes is a Must Have.

Demonstrate deep hands-on expertise with SAML, OAuth 2.0, and related identity protocols, including writing and reviewing production-grade code.

DevSecOps & CI/CD Integration

Collaborate with DevOps and engineering teams to embed security into CI/CD pipelines and deployment workflows.

Build, review, and improve integrations between CI/CD pipelines, ticketing systems, and SIEM/SOAR platforms.

Perform technical health checks of cloud environments and DevSecOps pipelines prior to large-scale or production deployments.

Risk Management & Governance

Prioritize security risks based on business impact and attack paths, partnering closely with Product Management to drive remediation focus.

Create and maintain dashboards, metrics, and executive-level reports for security governance and leadership visibility.

Participate in internal and third-party audits, supporting evidence collection and remediation activities.

Collaboration & Communication

Lead and participate in security-related discussions with customers, partners, and internal stakeholders.

Work closely with InfoSec teams to develop communication plans and messaging for security issues and changes.

Communicate security risks, remediation plans, and architectural decisions clearly to scrum teams and leadership.

WHAT YOU BRING

• 10+ years of experience in security architecture, cloud security, or application security, with
  demonstrated senior-level impact.
• Strong hands-on development experience with Java, Grails, and Spring Framework.
• Deep expertise in OWASP vulnerabilities and practical remediation techniques.
• Proven hands-on experience implementing SAML, OAuth 2.0, and modern identity and access
  patterns.
• Strong experience with GitLab, CI/CD pipelines, and secure deployment best practices.
• In-depth knowledge of cloud security platforms (CNAPP, CSPM, CWPP) and cloud-native
  security controls.
• Ability to influence and collaborate across engineering, product, DevOps, and security teams.
• Preferred Qualifications
• Experience supporting regulated environments and participating in internal or third-party audits
• Must have 5+ years of programming experience in JAVA, GRAILS, SQL.
• Familiarity with SIEM/SOAR integrations and security automation.
• Experience working in Agile/Scrum environments with distributed engineering teams.
• Cloud security certifications (e.g., AWS, Azure, GCP, CCSK, CISSP) are a plus.

260000 - 275000 USD