Principal Security Engineer

Tazapay


Job Location:

Bengaluru - India

Monthly Salary: Not Disclosed
Experience Required: 5years
Posted on: 2 hours ago
Vacancies: 1 Vacancy

Job Summary

Principal Security Engineer


Job Summary

This role sits at the intersection of cloud-native engineering and security operating across AWS in a data-intensive high-throughput payments environment. You will drive deep architecture engineering and automation across Cloud Infrastructure and Product Engineering teams owning security architecture security engineering and the security observability layer.

You will actively partner across product and infrastructure layers to uplift the cyber resilience of Tazapays platform while product-managing security tooling and building security observability capabilities on top of internal product offerings. This is a hands-on high-ownership role that demands equal parts technical depth and cross-functional leadership.


Location: Bangalore

Reporting To: CISO


Key Responsibilities


Architecture

  • Actively participate in and contribute to the Architecture Review providing security-informed opinionated guidance on technology choices across software engineering and infrastructure patterns.

  • Author and champion RFC-style technical documents architectural decision records (ADRs) and implementation guides for adoption by product and infrastructure engineering teams.

  • Shape Tazapays API strategy with strong ownership over Security Privacy and Governance pillars including API authentication standards rate limiting and threat modeling for API surfaces.

  • Collaborate closely with architecture product management product engineering and GRC teams in a hands-on environment to design build and operate products securely.

  • Work independently with developers system engineers and product managers to ensure security and privacy-first design and development reviews across all product and infrastructure initiatives.

  • Own and maintain a living security design mandate documenting architectural standards security controls and implementation patterns and drive adoption across product and infrastructure groups.

  • Independently research evaluate and prototype emerging security technologies; develop proof-of-concepts and present findings to the broader engineering community to accelerate informed adoption.

  • Design and develop enterprise IAM architecture aligned with business and security objectives including authentication and authorization frameworks using SAML OAuth 2.0 OpenID Connect LDAP and Kerberos.

  • Lead the implementation and integration of IAM solutions across enterprise applications cloud platforms and infrastructure.

  • Own threat modeling as a structured practice across product and infrastructure embedding it early in the SDLC and establishing repeatable threat modeling frameworks for engineering teams.

  • Design and evolve a Zero Trust architecture across Tazapays multi-cloud environment spanning network access identity verification device trust and micro-segmentation.







Engineering and Automation

  • Build security automation tooling with a developer-first lens prioritizing self-serviceability low friction and high developer empathy as foundational design principles.

  • Partner with DevOps and Infrastructure teams to embed security verification gates including SAST SCA secrets scanning container scanning and IaC policy checks natively into CI/CD pipelines.

  • Own the product management engineering and operations of security tooling spanning CI/CD product infrastructure identity user endpoint and SaaS partner layers.

  • Own the product management engineering and operations of security monitoring capabilities across the edge encompassing both Layer 7 (WAF API gateway bot protection) and Layer 4 (DDoS network-level) security controls.

  • Lead detection engineering efforts to continuously tune enrich and improve alert fidelity across the detection and response layer reducing false positives and improving mean time to detect (MTTD) across infrastructure and product layers.

  • Drive security control parity and tooling consolidation across all merged and acquired entities ensuring unified threat management coverage and consistent security posture.

  • Define and own the vulnerability management program covering triage SLA enforcement prioritization frameworks and remediation tracking across infrastructure and application layers.

  • Govern secrets and key management practices across the organization including PKI certificate lifecycle cryptographic standards and secrets management tooling such as HashiCorp Vault or AWS Secrets Manager.

  • Own software supply chain security including SBOM generation dependency risk assessment and third-party library governance to mitigate supply chain attack vectors.

Operations Management

  • Own security operations budget governance tracking approved spend run rate and unit economics and drive cost optimization without compromising coverage or operational effectiveness.

  • Manage relationships with managed security service providers (MSSPs) and vendors holding them accountable to SLA adherence service quality benchmarks and continuous improvement commitments.

  • Define and own incident response playbooks coordinate with the SIRT during active incidents and lead post-incident reviews to drive systemic improvements.

  • Define and track security engineering KPIs including mean time to remediate (MTTR) vulnerability aging pipeline gate pass/fail rates and detection coverage and present findings to IT leadership and executive stakeholders.

Automation and Tooling

  • Lead automation initiatives across Security and GRC functions to streamline compliance reporting evidence collection dashboarding and audit workflows materially reducing audit fatigue.

  • Lead automation initiatives to reduce manual effort in vulnerability management including automated scanning triage ticketing integration and SLA tracking.

  • Drive adoption of policy-as-code and automated configuration verification across AWS




Culture and Enablement

  • Champion adoption of Agile practices within the Security team embedding sprint-based delivery backlog management and continuous improvement ceremonies.

  • Build a product mindset within all members of the security team encouraging ownership metrics-driven thinking and user empathy.

  • Mentor and coach security engineers on architecture mindset secure design principles and career progression pathways.

  • Foster a Security and Privacy by Design culture within product engineering embedding shift-left security practices threat modeling early in the SDLC and making security a shared engineering responsibility.

  • Design and deliver a structured developer security awareness program covering secure coding practices OWASP Top 10 common vulnerability patterns and threat modeling techniques.

Customer Engagement and Compliance

  • Represent Tazapays security posture in customer-facing engagements articulating security maturity control effectiveness and tooling adoption with clarity and confidence.

  • Lead security capability walkthroughs and evidence presentations during internal and external audits including ISO 27001 SOC 1/2 and PCI-DSS assessments as well as enterprise customer security evaluations.

  • Architect and maintain regulatory compliance controls aligned to PCI-DSS ISO 27001 and applicable data protection regulations ensuring controls are engineering-driven and continuously validated rather than point-in-time.

Must Have Requirements

  • 123 years of progressive experience as a security architect product security engineer or full-stack software engineer with deep domain ownership in security within cloud-native data-intensive environments.

  • Proven experience as a security architect or product security engineer with strong software engineering fundamentals preferably in Golang Java or equivalent and deep working knowledge of information security principles and secure development practices.

  • Operational knowledge of cloud service offerings across AWS GCP or Azure with focus on securing environments at design deployment and runtime layers.

  • Deep understanding of CI/CD and DevOps practices with hands-on experience in release management branching strategy pipeline governance and embedding security checkpoints across the engineering lifecycle.

  • Deep understanding of web applications data architecture and microservice architecture including REST and GraphQL API security.

  • Experience in microservices adoption and transformation and building engineering governance models with a focus on API security.

  • Strong command of application security best practices and design principles including OWASP Top 10 Secure SDLC and threat modeling methodologies.

  • Knowledge of common security implementations across authentication authorization database security network security encryption logging and monitoring error handling and gateway products.

  • Hands-on experience with IAM architecture and protocols including SAML OAuth 2.0 OpenID Connect LDAP and Kerberos.

  • Exceptional communication skills written and verbal with the ability to translate complex technical security risks into clear business-aligned risk-based narratives for engineering product and executive audiences.

  • Proven experience coaching and mentoring security engineers and operating effectively as a cross-functional team leader.

  • Experience operating using Agile methodologies and tools including JIRA and Confluence.


Nice to Have (Technical)

  • AWS GCP or Azure security certifications (e.g. AWS Security Specialty Google Professional Cloud Security Engineer Microsoft SC-100).

  • Domain experience in payments banking or platform-based products particularly in regulated environments.

  • Security-specific certifications such as CISSP CCSP CSSLP or CEH.

  • Experience with observability and SIEM platforms such as Splunk Datadog or Chronicle Security.

  • Familiarity with supply chain security tooling SBOM generation and dependency governance frameworks.

  • Exposure to Zero Trust architecture frameworks and implementation patterns (e.g. BeyondCorp NIST SP 800-207).

  • Experience with bug bounty program management or red team/penetration testing program oversight.

  • Custody Wallet and Key Management Security - Architect hot warm and cold wallet security models defining signing workflows quorum policies key rotation schedules and hardware security module (HSM) integration.

  • Architect controls to meet stablecoin-specific regulatory obligations across MAS (Singapore) and applicable jurisdictions.

  • Define and own incident response playbooks for crypto-native attack scenarios including smart contract exploits private key compromise bridge hacks oracle attacks and stablecoin de-pegging events.

  • Lead post-exploit forensics including on-chain transaction tracing attacker fund flow tracking and coordination with exchanges and bridges for asset freezing where possible.




Required Education:

A degree in computer science software engineering information technology or similar experience

Principal Security EngineerJob SummaryThis role sits at the intersection of cloud-native engineering and security operating across AWS in a data-intensive high-throughput payments environment. You will drive deep architecture engineering and automation across Cloud Infrastructure and Product Enginee...