(Ecosystem) Principal Cloud Security Engineer

<div class="p-pdf_iframe__page" data-page-number="1"> <div class="textLayer" data-main-rotation="0"><span>About the Role</span></div> <div class="textLayer" data-main-rotation="0">&nbsp;</div> <div class="textLayer" data-main-rotation="0"><span>We are seeking a highly experienced and action-oriented</span> <span>Senior Security Engineer</span> <span>to join the </span><span>Grand Central Platform team. This role focuses on developing and maintaining the robust </span><span>security posture of platforms key to our business, including the IPaaS (Integration Platform as a </span><span>Service) and the AI Agentic platform, which serve both internal employees and external financial</span><br><span>institution customers.</span><br><span>The ideal candidate possesses a strong technical and hands-on approach. You won't just </span><span>identify vulnerabilities and explain risks; you will actively collaborate with the team to implement </span><span>fixes. Our team champions the principle of "security as everyone's responsibility," adhering </span><span>strictly to established security standards and conventions.</span></div> <div class="textLayer" data-main-rotation="0">&nbsp;</div> <div class="textLayer" data-main-rotation="0"><span>What You'll Do &amp; Key Responsibilities</span></div> <div class="textLayer" data-main-rotation="0">&nbsp;</div> <div class="textLayer" data-main-rotation="0"><span>1. Platform Security Ownership:</span><br><span>●</span> <span>Own the overall security posture of the Platform.</span><br><span>●</span> <span>Act as the security representative for the team, conducting threat modeling, vulnerability </span><span>testing, risk analysis, and security assessments, and supporting incident handling.</span><br><span>●</span> <span>Mentor team members and contribute to the growth of the team's security capabilities.</span><br><span>●</span> <span>Propose and drive security initiatives, collaborating across various teams within the</span><br><span>company, and actively participate in the Security Guild.</span><br><span>2. Architecture, Design &amp; Cloud Security Implementation (Azure Focus):</span><br><span>●</span> <span>Collaborate with architects to enforce the “secure by design” principle for new Platform</span><br><span>components.</span><br><span>●</span> <span>Design, implement, and maintain secure cloud infrastructure and controls within Azure</span><br><span>environments.</span><br><span>●</span> <span>Ensure compliance with relevant security standards and regulations through regular</span><br><span>security assessments and risk analyses.</span><br><span>●</span> <span>Implement and maintain cloud security best practices across Azure environments.</span><br><span>●</span> <span>Bring deep expertise to designing and developing architectures that enhance visibility,</span><br><span>detection, mitigation, and observability.</span><br><span>3. Threat and Risk Management:</span><span>●</span> <span>Conduct comprehensive risk assessments, threat modeling, and penetration testing.</span><br><span>●</span> <span>Identify vulnerabilities and recommend strategic mitigation strategies for cloud security</span><br><span>threats.</span><br><span>●</span> <span>Secure cloud network architectures (Networking &amp; Security).</span><br><span>4. Identity, Access, and Monitoring:</span><br><span>●</span> <span>Design and enforce least privilege access and secure authentication mechanisms</span><br><span>(Identity &amp; Access Management - IAM).</span><br><span>●</span> <span>Maintain security monitoring tools (SIEM, CSPM, EDR), investigate threats, and manage</span><br><span>security incident response.</span><br><span>5. DevSecOps &amp; Automation:</span><br><span>●</span> <span>Embed security into CI/CD pipelines using DevSecOps methodologies.</span><br><span>●</span> <span>Automate security compliance checks and vulnerability assessments.</span><br><span>●</span> <span>Utilize expertise in</span> <span>Terraform or OpenTofu</span> <span>for Infrastructure as Code (IaC) security</span><br><span>automation.</span><br><span>●</span> <span>Collaborate with development teams to integrate security into the Secure SDLC,</span><br><span>promoting secure coding practices and regular security testing.</span><br><span>Required Qualifications</span><br><span>●</span> <span>8+ years of hands-on experience</span> <span>in cloud security, DevSecOps, or cloud engineering</span><br><span>with a dedicated security focus.</span><br><span>●</span> <span>Deep expertise in</span> <span>Azure cloud security architecture and services</span><span>.</span><br><span>●</span> <span>Strong experience with Cloud IAM, specifically:</span> <span>Azure AD, RBAC, PIM, and</span><br><span>Conditional Access.</span><br><span>●</span> <span>In-depth knowledge of</span> <span>IAM, RBAC, and access policies</span> <span>in Azure.</span><br><span>●</span> <span>Proven experience in designing and maintaining cloud-based IaaS, PaaS, and SaaS</span><br><span>environments.</span><br><span>●</span> <span>Expertise in</span> <span>Terraform or OpenTofu</span> <span>for IaC security automation.</span><br><span>●</span> <span>Experience with</span> <span>security monitoring tools SIEM, CSPM, EDR</span> <span>(e.g., Azure Sentinel,</span><br><span>Defender for Cloud).</span><br><span>●</span> <span>Strong proficiency in scripting and automation (</span><span>Python, Go, Bash</span><span>).</span><br><span>●</span> <span>Solid networking knowledge, including</span> <span>firewalls, VPNs, VNET peering, and WAF</span><span>.</span><br><span>●</span> <span>Experience in DevSecOps and embedding security into CI/CD pipelines, along with a</span><br><span>strong understanding of Secure SDLC.</span><br><span>●</span> <span>Familiarity with security compliance standards (e.g.,</span> <span>NIST, CIS, ISO 27001, SOC 2</span><span>).</span><br><span>●</span> <span>Familiarity with LLM/AI system vulnerabilities (e.g., prompt injection, data poisoning,</span><br><span>adversarial attacks).</span><br><span>●</span> <span>Demonstrated ability to identify, triage, and resolve security issues across traditional and</span><br><span>AI-based systems. Offensive security experience is a significant plus</span></div> </div>