StaffAttract

Principal Security Engineer

Konecta UK - San Antonio, TX


Job Description

Location: San Antonio, Texas, United States of America
Earnings:
Job Title: Principal Security Engineer, Application & Cloud Security
Reporting to: Head of InfoSec

The Opportunity

We are seeking a visionary and hands-on Principal Security Engineer to architect and lead our Application and Cloud Security domains. This is a critical leadership role for a "player-coach" who will bridge the gap between security, engineering, and product delivery. You will not only identify risks but actively build solutions to mitigate them. You will be responsible for embedding security into the earliest stages of the development lifecycle ("Shift Left"), securing our multi-cloud footprint, and pioneering our approach to AI and Large Language Model (LLM) security. If you are passionate about automation, security-as-code, and building resilient systems that scale, this is the role for you.

What You Will Do (Key Responsibilities)

  • Draft and own technical security policies and procedures for Engineering and Product teams. You will translate complex compliance requirements (SOC 2, ISO 27001, PCI DSS) into actionable engineering standards.
  • Serve as the primary security liaison to the Engineering and Delivery teams, attending sprint planning and architectural reviews to ensure security requirements are scoped early, and acting as a trusted advisor to senior leadership when navigating complex security trade-offs.
  • Partner with the Head of InfoSec and GRC teams to maintain our Unified Control Framework, ensuring our cloud and application controls satisfy audit requirements for ISO 42001 (AI) and ISO 27017 (Cloud).
  • Architect and mature the Secure Software Development Lifecycle (SSDLC). Partner with and mentor the App/Cloud Sec team, and integrate and tune automated security testing (SAST, DAST, SCA) directly into the CI/CD pipelines to block vulnerabilities before deployment.
  • Lead threat modeling for new features and major architectural changes, ensuring design flaws are caught during the whiteboarding phase.
  • Manage the Vulnerability Assessment and Penetration Testing (VAPT) program. You will scope and coordinate external penetration tests and manage the internal bug bounty triage process.
  • Act as a mentor to developers, providing "just-in-time" training on secure coding practices to remediate recurring vulnerability patterns (e.g., OWASP Top 10).
  • Own the security architecture for our multi-cloud environment (AWS, Azure, GCP). You will define and enforce Infrastructure as Code (IaC) security standards.
  • Pioneer our AI Security Strategy. You will research and implement guardrails for LLM/AI platforms, focusing on prompt injection defense, model theft prevention, and secure data handling in AI pipelines.
  • Design and maintain Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWPP) strategies to ensure real-time visibility into cloud misconfigurations.
  • Act as a key stakeholder and technical lead during high-severity Incident Response investigations, specifically for application exploits and cloud infrastructure breaches.
  • Partner with the SecOps team to configure and optimize our SIEM and MXDR platforms. You will write custom detection logic and correlation rules to identify sophisticated application attacks and cloud control plane anomalies.
  • Perform root cause analysis on security incidents to feed lessons learned back into the policy and architecture phases.

Required Qualifications

  • 10+ years of progressive experience in cybersecurity, with at least 5 years dedicated to Application Security or Cloud Security engineering.
  • Deep technical proficiency in AWS, including native security services (GuardDuty, Inspector, WAF, KMS) and IAM policy architecture.
  • Strong coding/scripting background. You must be able to read and review code in languages such as Python, Go, Java, or Node.js to assist engineering teams.
  • Expert knowledge of modern application security frameworks and standards, specifically the OWASP Top 10 and OWASP API Security Top 10.
  • Proven experience implementing and managing DevSecOps pipelines (Jenkins, GitHub Actions) and toolchains (SonarQube, Snyk, Veracode, etc.).
  • Hands-on experience with Container Security (Docker, Kubernetes) and securing serverless architectures.
  • Demonstrated ability to write clear, concise technical policies and procedures that engineers can actually follow.

Preferred Qualifications

  • Experience securing AI/ML pipelines and familiarity with ISO 42001 or the NIST AI Risk Management Framework.
  • Experience with Terraform or managing Infrastructure as Code.
  • Advanced professional certifications such as CISSP, CCSP, OSCP (Offensive Security Certified Professional), or AWS Certified Security - Specialty.
  • Previous experience in a "Security Champion" leadership role, bridging the gap between security and development teams.

Created: 2026-03-10
