Principal Software Engineer - Security Architect

ConfidentialMumbai, Kolkata, Delhi

30+ days ago

Job description

We are seeking a hands-on Security Architect to join our engineering organization. This critical role will drive alignment between vulnerability management remediation iniatives and DevSecOps, coordinate with engineering and product teams on security implementation, and support strategic security initiatives. The ideal candidate will combine deep technical expertise with strong communication skills to influence and strengthen our overall security posture across the organization.

Role and Responsibilities

Work closely with the DevSecOps team to implement security strategies and remediation plans.
Act as the primary engineering interface for security posture, vulnerability remediation, and secure development practices.
Perform hands-on security architecture reviews, threat modeling, secure code reviews, and secure design evaluations.
Collaborate with engineering teams to drive adoption of security tools, frameworks, and best practices.
Integrate security controls and checks into CI / CD pipelines and engineering workflows.
Contribute to Project Phoenix execution and participate in other strategic security engineering initiatives.
Identify, assess, prioritize, and drive remediation of vulnerabilities across application, cloud, and infrastructure environments.
Mentor engineering teams to adopt security-first design and implementation principles.
Track and respond to evolving security threats, integrating learnings into engineering processes.

Technical Must-Know Concepts

Candidates are expected to demonstrate strong expertise in the following areas :

Application Security : Secure coding practices (OWASP Top 10, CWE), secure SDLC integration.

Threat Modeling : STRIDE, DREAD frameworks, attack surface identification and mitigation planning.

Cloud Security : AWS security best practices (IAM, KMS, GuardDuty), encryption at rest and transit, cloud resource hardening.

Infrastructure and CI / CD Security : Security in IaC (Terraform, CloudFormation), secrets management, pipeline security integration (SAST, SCA, DAST, IaC scanning).

Vulnerability Management : Experience with tools like Snyk, TruffleHog, CrowdStrike CSPM or similar; prioritization and remediation of vulnerabilities.

Authentication and Authorization Security : OAuth 2.0, OpenID Connect, SSO security principles.

Container and Kubernetes Security : Image scanning, container hardening, Kubernetes RBAC, network policies.

Cryptography Fundamentals : Understanding TLS / SSL, encryption standards, key management practices.

Security Standards and Compliance Awareness : Familiarity with NIST, ISO 27001, SOC 2, PCI DSS frameworks.

DevSecOps Tooling : GitHub, GitLab, Bitbucket CI / CD pipelines and security automation integrations.

Be Bold. Be You. Be Boomi. We take pride in our culture and core values and are committed to being a place where everyone can be their true, authentic self. Our team members are our most valuable resources, and we look for and encourage diversity in backgrounds, thoughts, life experiences, knowledge, and capabilities.

All employment decisions are based on business needs, job requirements, and individual qualifications.

Boomi strives to create an inclusive and accessible environment for candidates and employees. If you need accommodation during the application or interview process, please submit a request to [HIDDEN TEXT] . This inbox is strictly for accommodations, please do not send resumes or general inquiries.

Role : Software Development - Other

Industry Type : IT Services & Consulting

Department : Engineering - Software & QA

Employment Type : Full Time, Permanent

Role Category : Software Development

Education

UG : Any Graduate

PG : Any Postgraduate

Skills Required

Pci Dss, Coding, Iso 27001, Owasp, Soc, Application Security, Ssl, Automation, Cryptography, Sdlc

Create a job alert for this search

Principal Software Engineer • Mumbai, Kolkata, Delhi