Lead - Security Engineer; Cloud

Role Purpose

Own the design and engineering of preventative security controls across cloud, infrastructure, identity, and application access. Act as the technical authority for secure‑by‑design architectures with strong focus on automation, guardrails, and identity‑driven security.

• Cloud, Data & Application Security
• Dev Sec Ops , API, Containers, Serverless
• Security Design for Infrastructure & IAM

• Security Architecture & Engineering
• Define security architecture standards, principles, and reference patterns.
• Lead solution security design reviews and threat modelling.
• Produce reusable blueprints and engineering guardrails.
• Provide technical assurance and risk recommendations.
• Identity, IAM & Privileged Access Security
• Architect workforce and workload identity models.
• Design Conditional Access, MFA, RBAC, privileged governance.
• Implement PAM integrations and privileged workflows.
• Define secure authentication and app onboarding standards.
• Establish identity lifecycle (JML) automation.
• Cloud Security Engineering & Governance
• Design secure landing zones and foundational controls.
• Implement policy baselines and guardrails.
• Drive posture management and drift remediation.
• Engineer encryption, key management, and secrets protection.
• Application, API & Integration Security
• Define secure authentication and authorization patterns.
• Establish API security controls and gateway standards.
• Implement secrets management for apps and pipelines.
• Provide secure integration templates for SaaS and partners.
• Dev Sec Ops  & Security Automation
• Embed security into CI/CD pipelines.
• Define automated testing and release guardrails.
• Implement policy-as-code and compliance automation.
• Build reusable pipeline security modules.
• Containers, Kubernetes & Serverless Security
• Define container image and runtime standards.
• Establish Kubernetes security baselines.
• Implement serverless security patterns and monitoring.
• Partner Oversight & Delivery Governance
• Provide engineering oversight to third parties.
• Define technical requirements and validate delivery.

• 8–12+ years in security engineering / architecture.
• Strong IAM and identity security expertise.
• Cloud security architecture experience.
• Automation and Dev Sec Ops  integration delivery.
• Secure authentication and federation implementation.

• Azure Security Engineer / CCSP / CCSK.
• SailPoint / Saviynt / Cyber Ark / Beyond Trust.
• CSPM / CNAPP platforms.
• TOGAF or architecture training.

• Security architecture and threat modelling
• Identity security & privileged access
• Cloud security governance
• API & integration security
• Dev Sec Ops  automation
• Containers & serverless security

• Secure landing zone adoption
• Identity risk reduction
• Application onboarding to secure auth
• Dev Sec Ops  control coverage
• Reduction in misconfiguration risk