Achieve is a leading digital personal finance company that provides innovative financial solutions to help individuals thrive. They are seeking a Principal Security Engineer to evaluate, implement, and maintain security solutions to protect the organization's information assets while collaborating with cross-functional teams.
Responsibilities:
- This role will design, validate, implement, and document security infrastructure and collaborate across Technology groups to support the internal user base and uphold InfoSec initiatives
- Security Engineering: Architect and assist with the implementation of security controls, tools, and technologies to protect information assets from internal and external threats. Collaborate with engineering teams to integrate security into the development and deployment processes
- Identity and Access Management (IAM): Architect the future of identity, including Zero Trust architecture. Design and implement strategies for IAM solutions to manage user identities, access rights, and privileges across on-premises and cloud environments. Establish authentication, authorization, and access control mechanisms to enforce security policies effectively
- Cloud Security: Architect and implement security controls and best practices (SASE) for cloud infrastructure (e.g., AWS, Azure, Google Cloud) to protect data and workloads in cloud environments. Evaluate and recommend security services and technologies to enhance cloud security posture
- Application Security: Collaborate with development teams to integrate security into the software development lifecycle (SDLC) and ensure secure coding practices are followed. Conduct security assessments, code reviews, and penetration testing to identify and remediate application security vulnerabilities
- Security Standards and Compliance: Ensure compliance with industry standards, frameworks, and regulations related to information security (e.g., NIST, ISO/IEC 27001, PCI DSS). Develop and maintain security policies, standards, and procedures to align with regulatory requirements
Requirements:
- Relevant certifications (e.g., CISSP, CISM, CEH)
- Minimum of 6 years of experience in information security engineering with experience in identity/authentication, architecture, cloud security, and application security
- Proficiency in designing security controls, security tool needs assessments, and technology services
- In-depth knowledge of IAM solutions and protocols (e.g., LDAP, SAML, OAuth, OpenID)
- Expertise with cloud security principles, services, and controls in major cloud platforms (e.g., AWS, Azure, GCP)
- Expertise in application security concepts, tools, and techniques (e.g., secure coding practices, static and dynamic application security testing)
- Strong analytical and problem-solving skills with the ability to assess complex security challenges and develop effective solutions
- Excellent written and verbal communication skills with the ability to communicate technical concepts to non-technical stakeholders
- Proven ability to lead and influence cross-functional teams and drive security controls. Be a security evangelist with the technology teams
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field