Lead - Security Engineer (Cloud & Applications)
- Post Date: 5 days ago
- Requisition #: 091749
ROLE PURPOSE
Own the design and engineering of preventative security controls across cloud, infrastructure, identity, and application access.
Act as the technical authority for secure-by-design architectures, with a strong focus on automation, guardrails, and identity-driven security.
PRIMARY ACCOUNTABILITY OVER
• Cloud, Data & Application Security
• DevSecOps, API, Containers, Serverless
• Security Design for Infrastructure & IAM
KEY RESPONSIBILITIES
1. Security Architecture & Engineering
• Define security architecture standards, principles, and reference patterns.
• Lead solution security design reviews and threat modelling.
• Produce reusable blueprints and engineering guardrails.
• Provide technical assurance and risk recommendations.
2. Identity, IAM & Privileged Access Security
• Architect workforce and workload identity models.
• Design Conditional Access, MFA, RBAC, privileged governance.
• Implement PAM integrations and privileged workflows.
• Define secure authentication and app onboarding standards.
• Establish identity lifecycle (JML) automation.
3. Cloud Security Engineering & Governance
• Design secure landing zones and foundational controls.
• Implement policy baselines and guardrails.
• Drive posture management and drift remediation.
• Engineer encryption, key management, and secrets protection.
4. Application, API & Integration Security
• Define secure authentication and authorization patterns.
• Establish API security controls and gateway standards.
• Implement secrets management for apps and pipelines.
• Provide secure integration templates for SaaS and partners.
5. DevSecOps & Security Automation
• Embed security into CI/CD pipelines.
• Define automated testing and release guardrails.
• Implement policy-as-code and compliance automation.
• Build reusable pipeline security modules.
6. Containers, Kubernetes & Serverless Security
• Define container image and runtime standards.
• Establish Kubernetes security baselines.
• Implement serverless security patterns and monitoring.
7. Partner Oversight & Delivery Governance
• Provide engineering oversight to third parties.
• Define technical requirements and validate delivery.
EXPERIENCE REQUIREMENTS
Essential:
• 8–12+ years in security engineering / architecture.
• Strong IAM and identity security expertise.
• Cloud security architecture experience.
• Automation and DevSecOps integration delivery.
• Secure authentication and federation implementation.
Desirable:
• Azure Security Engineer / CCSP / CCSK.
• SailPoint / Saviynt / CyberArk / BeyondTrust.
• CSPM / CNAPP platforms.
• TOGAF or architecture training.
CORE SKILLS
• Security architecture and threat modelling
• Identity security & privileged access
• Cloud security governance
• API & integration security
• DevSecOps automation
• Containers & serverless security
SUCCESS MEASURES
• Secure landing zone adoption
• Identity risk reduction
• Application onboarding to secure auth
• DevSecOps control coverage
• Reduction in misconfiguration risk