Senior Principal Security Engineer - Cloud & Application Security
Role details
Job description
- Lead SAST, SCA, and secret detection initiatives across Java, Spring Boot, Grails, JVM-based, and Python application and IaC stacks
- Triage, prioritize, and remediate vulnerabilities - including writing code fixes
- Define and enforce container security standards for Docker images, base image hardening, and runtime policies
- Secure Kubernetes clusters on AWS EKS and/or Azure AKS - RBAC, network policies, pod security standards, admission controllers
- Run infrastructure-as-code security scanning and hardening - Terraform, CloudFormation, and Helm chart security review
- Conduct threat modeling on new features and requirements provided by product teams - identify attack surfaces, data flow risks, and trust boundaries before code is written (STRIDE, DREAD, or equivalent frameworks)
- Conduct targeted penetration testing and vulnerability assessments on applications and infrastructure
- Assess application security needs and recommend WAF, DDoS protection, and rate limiting strategies (e.g., Cloudflare, AWS WAF/Shield, Azure Front Door)
- Collaborate with tiger teams during incident response to analyze, contain, and remediate critical and zero-day vulnerabilities
- Evangelize OWASP Top 10 awareness and secure coding practices across engineering teams through structured training programs, lunch-and-learns, and hands-on workshops
- Administer a security training platform - curate learning paths, track completion metrics, and ensure all engineers complete baseline secure coding training
- Evaluate, integrate and mature security tooling into CI/CD pipelines
- Build internal security tooling and custom SAST/SCA rules
- Apply database security controls - access controls, query injection prevention, audit logging, encryption at the storage layer (PostgreSQL, MySQL, Oracle, Elasticsearch)
- Design and review network security controls including ingress/egress traffic policies, service mesh security configurations (Istio, Linkerd), and firewall rules
- Implement and enforce end-to-end encryption using TLS and mTLS across services - certificate lifecycle management, trust chain validation, and zero-trust network architecture
If required for this role, you will:
- Complete security & privacy literacy and awareness training during onboarding and annually thereafter
- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):
- Data Classification, Retention & Handling Policy
- Incident Response Policy/Procedures
- Business Continuity/Disaster Recovery Policy/Procedures
Requirements
We are looking for a Principal Security Engineer to lead application and infrastructure security efforts across our engineering organization. You will be hands-on identifying vulnerabilities, writing fixes, and working directly with tiger teams to resolve critical and zero-day issues under pressure. This is not a governance-only role; you will code, review, and ship.
- 10+ years in software engineering or security engineering, with 5+ years focused on application and infrastructure security
- AI-first approach to assessing, designing, triaging, and fixing issues - produce shareable AI artifacts (prompts, rules, playbooks) that let other engineers scale remediation
- Deep expertise in static analysis (SAST), software composition analysis (SCA), and secret scanning across JVM ecosystems (Java, Spring Boot, Grails) and Python
- Strong hands-on coding ability - you can read, write, and fix code in Java, Python, and Groovy
- Production experience securing Kubernetes workloads on AWS EKS or Azure AKS
- Solid understanding of container security - image scanning, runtime protection, least-privilege configurations
- Strong knowledge of end-to-end encryption - TLS/mTLS implementation, certificate management, PKI, key rotation, and secrets management (HashiCorp Vault, AWS KMS, Azure Key Vault)
- Proven experience conducting threat modeling on product requirements - ability to partner with product teams early in the SDLC to identify and mitigate risks before implementation
- Working knowledge of network security: ingress/egress controls, TLS termination, mTLS, VPC/VNET segmentation
- Practical experience with penetration testing tools and methodologies (Burp Suite, OWASP ZAP, etc.)
- Strong command of OWASP Top 10 vulnerabilities and their mitigations
- Demonstrated experience evangelizing security culture - delivering training, mentoring developers, and driving adoption of secure coding practices using security training platforms
- Experience responding to critical security incidents and zero-day disclosures in fast-paced environments