Principal Security Engineer

Summary

Join Appspace as a Principal Security Engineer and lead security transformations for enterprise clients. This hands-on role requires expertise in cloud security, software security, and penetration testing. You will conduct forensic investigations, design and implement security solutions, and serve as a primary client-facing expert. Responsibilities include leading security initiatives, performing security assessments, and developing secure software development lifecycles. The ideal candidate will have a strong understanding of cloud platforms (AWS, Azure, GCP), vulnerability management, and security best practices. This position offers opportunities for mentorship and professional growth within a dynamic and client-focused environment.

Requirements

• Bachelor’s degree in Computer Science, Cyber Security, Risk Management, or a related field (Master’s preferred)
• 10+ years of experience in information security, including securing cloud environments (Azure/GCP), application security, and security operations
• Deep expertise in network and infrastructure security within major cloud platforms, including IAM, network configuration, and cloud-native security tools
• Hands-on experience with vulnerability management, penetration testing, and common attack vectors; familiarity with SAST, DAST, and SCA tools
• Strong understanding of the OWASP Top 10, secure coding principles, cryptography, and threat modeling
• Proven track record leading client-facing security projects and transformation initiatives
• Experience configuring and supporting SIEMs, managing security alerts, and writing custom scripts in PowerShell, Python, or Bash
• Exceptional communication and interpersonal skills; able to influence and collaborate across technical and non-technical teams
• Relevant certifications required: CISSP (required), CISM/CCSP/OSCP desirable; Azure or GCP certifications strongly preferred
• Demonstrated ability to thrive in a dynamic, fast-paced, and client-focused environment

Responsibilities

• Lead and execute security transformation initiatives for enterprise clients, focusing on cloud security, application security, and vulnerability management
• Solid knowledge of operating systems, file systems, memory structures, and log analysis
• Proficiency in scripting and automation (e.g., Python, PowerShell, Bash) to streamline investigations
• Proficiency in forensic tools (e.g., EnCase, FTK) and evidence handling
• Serve as a primary client-facing security expert, building strong relationships and effectively communicating complex technical concepts to both technical and non-technical stakeholders
• Architect, design, and implement robust security solutions for cloud-native and traditional applications, with a strong emphasis on AWS, Azure, or GCP
• Conduct in-depth security assessments, penetration tests, and code reviews to identify vulnerabilities and recommend remediation strategies
• Develop and implement secure software development lifecycles (SSDLC), integrating security best practices throughout the entire development process
• Provide expert guidance on OWASP Top 10 vulnerabilities, secure coding practices, and threat modeling
• Drive the adoption of automated security testing tools and processes
• The candidate will be available on occasional nights and weekends to support the Security Operations team and will be on-call in the event of any security incident
• Mentor and provide technical leadership to other security engineers and client teams
• Stay abreast of the latest security trends, threats, and technologies, continuously enhancing our service offerings

Preferred Qualifications

• Certifications such as CCSP, OSCP, CISM, or cloud-specific credentials (e.g., Google Cloud Security Engineer, Azure Security Engineer, AWS Security Specialty)
• Experience with Infrastructure-as-Code (IaC) tools like Terraform, CloudFormation, or ARM templates to automate security controls
• Familiarity with container security and orchestration (Docker, Kubernetes)
• Knowledge of DevSecOps principles and integrating security into CI/CD pipelines

Benefits

• Competitive salaries, medical, dental and vision coverage, disability coverage, employer paid life insurance, mental health resources, 401(k) plan and a fully paid parental leave program
• Generous PTO
• Flexible work schedules
• Remote work opportunities
• Paid company holidays
• Appspace Quiet Fridays (No non-essential internal meetings scheduled)
• A casual dress work environment