Principal Security Engineer - Hybrid Cloud & Application

European Bank for Reconstruction and Development

Location: Sofia, Bulgaria
Category: Professional Staff
Posted: Jun 18, 2026
Apply by: Jul 13, 2026 (16d left)

Lead secure-by-design engineering across modern applications, microservices, and cloud-native environments. Define secure development patterns, embed DevSecOps practices, and ensure security is practical and scalable across a complex technology landscape.

Responsibilities

  • Define and drive secure-by-design patterns across applications, APIs, integrations, and cloud services
  • Embed DevSecOps and secure SDLC practices across engineering teams, ensuring consistent adoption at scale
  • Lead security architecture across APIs, microservices, Kubernetes (AKS), and Azure environments
  • Drive threat modelling, translating risks into practical controls and resilient design decisions
  • Own API security, identity, and authentication strategies (OAuth2, OIDC, JWT)
  • Champion Zero Trust principles across applications, identities, and workloads
  • Lead security for Azure platforms, including landing zones, Defender for Cloud, and policy controls
  • Partner with engineering teams to secure Kubernetes, Java applications, and secrets/key management
  • Oversee security monitoring, vulnerability management, and posture improvement initiatives
  • Contribute to architecture reviews (HLD/LLD), PoCs, and major programmes to ensure security is built in from day one
  • Support audits, risk reporting, and stakeholder engagement with clear, actionable insights
  • Work in close alignment with the central IT Security function (dotted line), ensuring all engineering practices adhere to enterprise security standards, policies, and governance

Requirements

  • Extensive experience in Security Engineering within complex, enterprise environments
  • Deep expertise securing cloud-native platforms (Azure, APIs, Kubernetes, microservices)
  • Strong knowledge of application and API security, including OAuth2, OIDC, JWT
  • Proven experience implementing secure SDLC and DevSecOps practices
  • Hands-on experience with Azure security tooling (Defender for Cloud, Sentinel, Key Vault, policies)
  • Strong understanding of Zero Trust architecture and identity-first security models (Entra ID)
  • Experience in threat modelling and translating risks into engineering controls
  • Knowledge of secure coding practices and vulnerability management (OWASP Top 10)
  • Experience securing hybrid environments (on-prem, SaaS, PaaS)
  • Familiarity with cybersecurity frameworks (e.g., NIST CSF, ISO 27001)
  • Ability to translate complex security requirements into clear, actionable guidance for engineers
  • Strong communication skills, able to influence both technical and non-technical stakeholders
  • Experience working with Kubernetes/AKS security at scale (nice to have)
  • Background in financial or regulated environments (nice to have)
  • Experience leading security architecture governance across multiple teams (nice to have)
  • Hands-on experience with threat intelligence integration (nice to have)
  • Experience delivering security training and awareness programmes (nice to have)
  • Relevant certifications (CISSP, CSSLP, Azure Security Engineer, etc.) (nice to have)

Skills

  • Security Engineering
  • Cloud-Native Security
  • Azure Security
  • API Security
  • OAuth2
  • OIDC
  • JWT
  • Secure SDLC
  • DevSecOps
  • Azure Defender for Cloud
  • Azure Sentinel
  • Azure Key Vault
  • Azure Policies
  • Zero Trust principles
  • Entra ID
  • Threat Modelling
  • Secure Coding
  • Vulnerability Management
  • OWASP Top 10
  • Hybrid Environment Security
  • Cybersecurity Frameworks
  • NIST CSF
  • ISO 27001
  • Kubernetes Security
  • Security Architecture

Languages

English