We are seeking an experienced Principal Security Engineer - Temporary for our Information Security team with a broad skill set encompassing security engineering, identity services, cloud security, and application security. In this role, you will be responsible for evaluating, implementing, evangelizing, and maintaining robust security solutions to protect our organization's information assets across various platforms and environments. You will collaborate with cross-functional teams to ensure the confidentiality, integrity, and availability of our systems and data.
This is a temporary role for approximately six months, with the potential to become full-time.
Primary Responsibilities and Duties – This role will be focused on these key functions
This role will design, validate, implement, and document security infrastructure and collaborate with Technology groups to support the internal user base and uphold InfoSec initiatives.
- Security Engineering: Architect and assist with the implementation of security controls, tools, and technologies to protect information assets from internal and external threats. Collaborate with engineering teams to integrate security into the development and deployment processes.
- Identity and Access Management (IAM): Define the future architecture for Identity, including Zero Trust architecture. Design and implement strategies for IAM solutions to manage user identities, access rights, and privileges across on-premises and cloud environments. Establish authentication, authorization, and access control mechanisms to enforce security policies effectively.
- Cloud Security: Architect and implement security controls and best practices (SASE) for cloud infrastructure (e.g., AWS, Azure, Google Cloud) to protect data and workloads in cloud environments. Evaluate and recommend security services and technologies to enhance cloud security posture.
- Application Security: Collaborate with development teams to integrate security into the software development lifecycle (SDLC) and ensure secure coding practices are followed. Conduct security assessments, code reviews, and penetration testing to identify and remediate application security vulnerabilities.
- Security Standards and Compliance: Ensure compliance with industry standards, frameworks, and regulations related to information security (e.g., NIST, ISO/IEC 27001, PCI DSS). Develop and maintain security policies, standards, and procedures to align with regulatory requirements.