Principal Security Engineer

Description

Today’s world is crime-riddled. Criminals are everywhere—virtual, invisible, and sophisticated. Traditional ways to prevent and investigate crime and terror are no longer enough.

Technology is advancing at lightning speed. Criminals know it—and they exploit it. So do we.

For nearly 30 years, the brilliant minds at Cognyte have been building software to help governments and enterprises stay ahead of evolving threats. With industry-leading investigative analytics, our solutions make the world a safer place—and that’s a mission we take personally.

We’re now looking for an exceptional Principal Security Engineer to drive the security of our cloud-native platform and DevOps processes.

If you’re a hands-on technologist with a strategic mindset, and you thrive in collaborative, high-impact roles—this is your moment.

As a Principal Security Engineer you’ll be the driving force behind securing our application and infrastructure layers, embedding security best practices across the SDLC and modern DevOps workflows.

You'll work closely with DevOps engineers, backend developers, and architects to secure our code, product, CI/CD pipelines, Kubernetes infrastructure, and identity systems. Your goal will be to make security a shared responsibility across the company.

As a Cognyter you will:

• Define and implement DevSecOps practices—integrating security into CI/CD pipelines using industry-leading tools (e.g., SAST, DAST, IaC scanners)
• Automate vulnerability scanning, secrets detection, and compliance checks in pipelines and container workflows
• Harden Kubernetes environments (RBAC, PSP, network policies, admission controllers), VMs, and cloud deployments
• Secure setups and identity flows with proper token strategies, MFA, and access controls
• Collaborate with development and architecture teams to perform risk analysis and threat modelling for critical systems and features
• Promote secure coding practices, conduct internal workshops, and elevate the security mindset across engineering

Requirements

For that mission you'll need:

• 5+ years of experience in Security Architecture or DevSecOps roles
• Expertise in securing Java-based systems (Spring Boot) and modern CI/CD workflows (preferably Jenkins)
• Proven experience integrating tools like Trivy, Snyk, SonarQube, JFrog, or OWASP ZAP into pipelines
• Hands-on experience with Kubernetes, container security, Helm, GitOps tools.
• Proficiency in Terraform or Ansible for infrastructure-as-code and policy as code
• Strong knowledge of OWASP Top 10, secure design patterns, and code audit practices
• Familiarity with Keycloak or equivalent IAM tools and best practices around SSO and OAuth2/OIDC
• Languages: Bash, Python, Groovy, Helm, YAML
• Infra: Kubernetes, KVM, public cloud (AWS/GCP/Azure)
• Standards: CIS Benchmarks, NIST, ISO 27001, FEDRAMP is a significant plus
• A “secure-by-default” mindset combined with a pragmatic, collaborative approach
• An endlessly curious mind