Principal Engineer - Security

This role is for one of the Weekday's clients

Min Experience: 8 years

Location: Mumbai

JobType: full-time

We are seeking an experienced and highly skilled Principal Security Engineer to lead the design, implementation, and management of our security infrastructure and tools. This role is critical in safeguarding both internal systems and external-facing applications by establishing and maintaining robust security architecture and operational frameworks. You will act as the subject matter expert (SME) across multiple cybersecurity domains, providing technical leadership on key projects, ensuring compliance with best practices, and minimizing organizational risk.

You will play a pivotal role in reviewing and validating security-related changes, serving as a control mechanism to prevent risks introduced by modifications across the technology landscape. This is a unique opportunity to build best-in-class security processes, tools, and automation to support a high-growth, technology-driven environment.

Requirements

Key Responsibilities:

• Design, build, and lead the implementation of enterprise-grade security infrastructure and associated tools.
• Serve as the SME on security architecture, tools, and operations across the organization.
• Ensure high-quality execution of upgrades, implementations, configuration changes, and incident response.
• Collaborate with cybersecurity teams to drive hardening initiatives and monitor baseline configuration compliance.
• Recommend improvements to policies, standards, and practices based on strong evidence and evolving threats.
• Partner with engineering and development teams to build and integrate secure DevSecOps pipelines with automated testing tools and secure coding standards.
• Review and validate system and environment changes to ensure alignment with security policies and avoid new risks.
• Lead red/blue team exercise preparation, incident remediation planning, and threat modeling.

Requirements:

• Bachelor's degree in Computer Science, Engineering, Cybersecurity, or a related field. Equivalent work experience or relevant cybersecurity certifications (e.g., CISSP, CISM, CEH, Azure Security Engineer) will also be considered.
• 8–10 years of hands-on experience in cybersecurity, with at least 3 years in an SME, architect, or principal engineer role overseeing major security infrastructure projects.
• At least one advanced technical certification such as CCNP – Security, GIAC, or equivalent.
• Experience with SOC II, ISO standards, and Vulnerability Assessment & Penetration Testing (VAPT).
• Proven experience with security tools like BigFix, Intune, Imperva, Snort, Nessus/Nexpose, or similar.
• Strong background in enterprise authentication and identity solutions including Azure AD, Active Directory, SSO, MFA, identity federation, and application registration.
• Proficiency in scripting and automation using PowerShell, Python, Bash, or equivalent languages.
• Expertise in secure architecture aligned with Zero Trust principles, continuous monitoring, endpoint security, and cloud security (public and private).
• Deep knowledge of OWASP, including the OWASP Top 10.
• Strong leadership, communication, and documentation skills, with a history of managing teams or cross-functional initiatives.
• Familiarity with Agile Scrum methodology and tools such as Azure DevOps.

Key Skills:
Cybersecurity, Security Engineering, DevSecOps, VAPT, IAM, OWASP, Security Automation, Infrastructure Security, SOC II, ISO, Zero Trust, Azure Security, Security Tools (Nessus, Snort, etc.), Incident Response, Secure Code Review