
Principal Engineer - Risk Management & Threat Modeling

Job in Sunnyvale, Santa Clara County, California, 94085, USA
Listing for: Proofpoint Inc
Full Time position
Listed on 2026-06-14
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
About Us:

Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people, data, and AI agents connect across email, cloud, and collaboration tools. Over 80 of the Fortune 100, 10,000 large enterprises, and millions of smaller organizations trust Proofpoint to stop threats, prevent data loss, and build resilience across their people and AI workflows. Our mission is simple: safeguard the digital world and empower people to work securely and confidently.

Join us in our pursuit to defend data and protect people.

How We Work:

At Proofpoint you'll be part of a global team that breaks barriers to redefine cybersecurity guided by our BRAVE core values:

Bold in how we dream and innovate

Responsive to feedback, challenges and opportunities

Accountable for results and best in class outcomes

Visionary in future focused problem-solving

Exceptional in execution and impact

Location:

Sunnyvale, CA

Department:
Information Security

Reports To:

Chief Information Security Officer (CISO)

Role Overview

Proofpoint is seeking a Principal Engineer - Risk Management & Threat Modeling to serve as one of the company's most senior technical leaders for cybersecurity risk and security architecture analysis. This role combines deep technical expertise, strategic business influence, and cross-functional leadership to shape and mature Proofpoint's enterprise cyber risk posture across corporate systems, cloud infrastructure, SaaS products, and AI-powered services.

As a Principal Engineer, you will establish technical direction for cyber risk assessment, threat modeling, and AI risk management capabilities. You will partner closely with Product Security, Engineering, Enterprise Architecture, and executive leadership to identify emerging threats, quantify business risk, and drive secure-by-design outcomes at scale.

This role is highly visible across the organization and requires the ability to translate complex technical and architectural risks into actionable guidance for executives, engineering teams, customers, and board stakeholders. A key focus area will be advancing Proofpoint's security posture for AI-enabled products, agentic systems, and large language model (LLM) integrations while enabling innovation and business growth.

Key Responsibilities

Enterprise Cyber Risk Leadership

* Provide technical leadership for enterprise cyber risk management across corporate, cloud, and product environments.

* Define and evolve data-driven risk assessment methodologies using FAIR, NIST, and ISO frameworks.

* Establish measurable risk metrics, KRIs, and reporting that support executive decision-making.

* Partner with engineering, product, and business stakeholders to drive risk treatment and remediation.

* Serve as a senior technical authority for risk analysis and risk acceptance decisions.

Threat Modeling & Security Architecture

* Lead threat modeling for enterprise platforms, cloud-native architectures, SaaS applications, and customer-facing services.

* Define and scale threat modeling practices using STRIDE, PASTA, MITRE ATT&CK, and related methodologies.

* Identify attack surfaces, trust boundaries, and architectural weaknesses through analysis of distributed systems.

* Partner with Product Security and Engineering to integrate threat modeling into architecture reviews and the SDLC.

* Develop reusable threat models, reference architectures, and security design guidance.

AI & Agentic Security Risk

* Lead security assessments and threat modeling for AI-enabled products, LLM integrations, and agentic workflows.

* Identify attack surfaces, trust boundaries, and threats involving prompt injection, excessive agency, model compromise, training data poisoning, and data exposure.

* Partner with Product Security, Engineering, and Architecture to embed security throughout the AI development lifecycle.

* Evaluate risks associated with AI models, tool integrations, retrieval systems, and agent communications.

* Define measurable security requirements aligned with NIST AI RMF, ISO 42001, OWASP LLM Top 10, and MITRE ATLAS.

* Develop reusable AI security patterns and assessment methodologies that enable secure AI adoption.

Executive & Board-Level…