CrawlJobs Logo
Ethos Logo Ethos · IT - Software Development

Principal Security Engineer

India, Bangalore · Job Posted January 18, 2026
Apply Position
Job Link Share

Job Description

As a member of Ethos Trust and Safety team, you'll be responsible for building various security services and performing technical security risk assessments to support the Ethos main product. You'll help architect and build our internal security standards and frameworks. This role will help build and deploy various security controls in line with foundational security principles like least privilege, defence in depth, segregation of duties and zero-trust architecture.

Job Responsibility

  • Design, develop, and deploy security mechanisms to protect against adversarial attacks, data breaches, and other security vulnerabilities
  • Design and build robust threat detection, monitoring, investigation workflows response architectures and the components of the security analytics platform
  • Monitor and evaluate operational/security alerts
  • Conduct Threat Modeling, Design Reviews and Security Testing
  • Communicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns
  • Partner with the DevOps team to orchestrate/automate security controls in the Ethos infrastructure/platform
  • Lead the vulnerability management lifecycle at the infrastructure, platform, and application levels
  • Participate in investigations, threat hunting, and incident response activities
  • build playbooks for specific incident response scenarios
  • Assist with compliance activities, such as SOC2 control implementation and testing, vendor risk assessments, etc.

Requirements

  • 10+ years of full time core, relevant InfoSec experience
  • Intimate familiarity with AWS cloud security, experience automating security processes in cloud environments
  • Proficiency in threat modelling, design reviews and security testing of various types of applications, technologies and platforms
  • Hands-on experience with CI/CD and DevOps tools
  • Ability to write automation scripts, ideally in more than one language
  • Experience in vulnerability/threat management activities at the infrastructure, platform, and application level
  • Experience with penetration tests/red team exercises, ideally the type that involve manual verification, exploitation, lateral movement, etc.
  • Expertise with event management/SIEM solutions, data modelling associated with building event detection and alerting capabilities
  • Able to come into our San Francisco, CA office once a week
Ethos - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Principal Security Engineer

8 matching positions

Principal Security Engineer

The Cloud & AI organization accelerates Microsoft's mission and bold ambitions t...
Location
Location
United States , Redmond
Salary
Salary:
142800.00 - 274800.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response OR equivalent experience
  • Candidates must be able to meet Microsoft, customer and/or government security screening requirements are required for this role
  • Microsoft Cloud Background Check
Job Responsibility
Job Responsibility
  • Identify high-leverage security risks and trust seams affecting critical services, and translate them into clear, prioritized mitigation plans
  • Design enforceable security architectures and isolation patterns across identity, tenant/security boundaries, and adjacent infrastructure layers
  • Define security policies and guardrails that can be deployed safely at scale (phased rollout, validation gates, rollback strategy)
  • Partner with engineering teams across organizations to land durable controls in production, reducing reliance on exceptions and manual processes
  • Establish proof mechanisms (telemetry/validation) to measure coverage, detect drift, and verify controls are continuously effective
  • Produce crisp technical artifacts (reference architectures, decision docs, implementation guidance) that unblock execution and scale adoption
  • Fulltime
Read More
Arrow Right

Principal Security Engineer

As a Principal Security Engineer, you will help shape how security is built into...
Location
Location
United States
Salary
Salary:
160200.00 - 269400.00 USD / Year
Zillow
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of security engineering experience, including strong experience in application security and ownership of complex security outcomes
  • experience driving or owning AI security initiatives and assessing or mitigating risks in AI- or LLM-enabled systems
  • experience leading advanced security assessments across modern applications, cloud infrastructure, and AI-enabled systems
  • strong understanding of common vulnerability classes, secure software development practices, and threat modeling
  • hands-on experience securing cloud-native environments, especially AWS, and designing secure system or cloud architectures
  • can read, write, and review code in at least one modern programming language
  • communicates security risks clearly to both technical and non-technical partners and can influence decisions without formal authority
  • experience mentoring engineers and helping raise the technical bar across a team or organization
Job Responsibility
Job Responsibility
  • Lead security assessments for high-impact applications and services, including threat modeling, secure design reviews, and penetration testing
  • Identify, validate, and prioritize complex vulnerabilities across web applications, APIs, and cloud-native services, and partner with engineers to drive secure-by-default outcomes
  • Strengthen the security of primarily AWS-based environments, with additional exposure to GCP and Azure, across areas such as identity, networking, data protection, and service integrations
  • Drive AI security initiatives by establishing guardrails, review practices, and secure design patterns for AI-enabled features and systems
  • Assess AI-specific risks, including data exposure, misuse, model abuse, prompt-based attacks, and unintended system behavior
  • Develop and promote scalable application and AI security standards, best practices, and guardrails across teams
  • Improve application and AI security tooling through configuration, integration, and ongoing optimization in partnership with engineering and platform teams
  • Mentor and influence engineers across teams, raising the technical bar and helping embed security into the way Zillow builds and ships software
What we offer
What we offer
  • equity awards
  • Fulltime
Read More
Arrow Right

Principal Security Engineer

As the Principal Security Engineer, you will play a pivotal role in shaping the ...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
redcloudtechnology.com Logo
RedCloud
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong background in both enterprise security and product security, with experience in multinational organizations
  • Hands-on experience with security frameworks such as ISO27001, SOC2, and SOX
  • Advanced knowledge of security architecture and design principles
  • Expertise in threat intelligence and Incident response
  • Strong leadership and project management skills
  • Excellent communication and interpersonal abilities
  • Strategic thinking and ability to influence organizational change
  • Practical experience in securing cloud environments, enterprise IT systems, and security products
  • Knowledge of secure coding practices and familiarity with modern software development methodologies
  • Ability to design and implement security policies, processes, and controls that align with business needs
Job Responsibility
Job Responsibility
  • Lead and mentor the security and compliance team
  • Develop and maintain a comprehensive security strategy covering both enterprise systems and product development
  • Partner with product teams to integrate secure development practices into the software engineering lifecycle
  • Work closely with IT and security teams to ensure compliance with ISO27001, SOC2, and SOX standards
  • Collaborate across the organization to identify and mitigate security risks
  • Stay informed about latest security trends and technologies
  • Conduct regular security assessments and audits
  • Promote awareness of security best practices through training and advocacy
  • Develop and lead the organization's Security strategy
  • Oversee security architecture and design for complex systems
What we offer
What we offer
  • 25 Days Annual leave, increasing to 26 days after 12 months
  • Enhanced Company Pension (Matched up to 5% & Salary Sacrifice)
  • Healthcare Cashplan with Medicash
  • Private Healthcare with Aviva
  • Life Insurance with AIG
  • Happl benefit platform with pre-negotiated discounts on entertainment, food, and fitness
  • Stock/Equity
  • Fulltime
Read More
Arrow Right

Principal Security Engineer

As the Principal Security Engineer, you will play a pivotal role in shaping the ...
Location
Location
Turkey , Istanbul
Salary
Salary:
Not provided
redcloudtechnology.com Logo
RedCloud
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A strong background in both enterprise security and product security
  • experience in multinational organizations
  • hands-on experience with security frameworks such as ISO27001, SOC2, and SOX
  • advanced knowledge of security architecture and design principles
  • expertise in threat intelligence and incident response
  • strong leadership and project management skills
  • excellent communication and interpersonal abilities
  • strategic thinking and the ability to influence organizational change
  • practical experience in securing cloud environments, enterprise IT systems, and security products
  • knowledge of secure coding practices and familiarity with modern software development methodologies
Job Responsibility
Job Responsibility
  • Lead and mentor the security and compliance team
  • develop and maintain a comprehensive security strategy covering both enterprise systems and product development
  • partner with product teams to integrate secure development practices into the software engineering lifecycle
  • work closely with IT and security teams to ensure compliance with ISO27001, SOC2, and SOX standards
  • collaborate across the organization to identify and mitigate security risks while enabling business growth
  • stay informed about the latest security trends and technologies
  • conduct regular security assessments and audits
  • promote awareness of security best practices across the company through training and advocacy
  • develop and lead the organization’s security strategy
  • oversee security architecture and design for complex systems
  • Fulltime
Read More
Arrow Right

Principal Security Engineer

The Microsoft Windows Security team is looking for a learn-it-all security engin...
Location
Location
United States , Redmond
Salary
Salary:
163000.00 - 296400.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in security or related field OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 8+ years experience in security or related field OR equivalent experience
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • Microsoft Cloud Background Check
Job Responsibility
Job Responsibility
  • Participate in security reviews to identify and mitigate risk in Microsoft products, including design reviews, code reviews, and fuzzing
  • Be the security contact for teams building new innovative products and technologies in the next version of Windows and devices
  • Identify security vulnerabilities in a wide variety of key OS features such as network protocols, security features, and Microsoft devices
  • Leverage a broad and current understanding of security to devise new protections
  • Interact with the external security community and security researchers
  • Collaborate with product teams to improve security, and articulate the business value of security investments
  • Fulltime
Read More
Arrow Right

Principal Security Engineer

The Principal Security Engineer, under the direction of the Director of Security...
Location
Location
United States , Palo Alto
Salary
Salary:
147050.00 - 220800.00 USD / Year
wsgr.com Logo
Wilson, Sonsini, Goodrich & Rosati
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree required
  • 5+ of experience in Information Security
  • One or more of the following certifications preferred: GIAC, CISSP, CISM, CEH, CIPP
  • Focus on knowledge of direct support for Security Information and Event Management (SIEM) systems (e.g. configuration of feeds, developing alarm/report concepts), Red Teaming concepts and execution, and Linux skills including command line and operational/administrative usage
  • Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls
  • Experience with windows desktop, server, and database security
  • Ability to identify security technology risks and perform incident response
  • Extensive knowledge of TCP/IP networking including wireless, network monitoring/design and routing
  • Extensive understanding of the cyber kill-chain
  • Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private, and hybrid environments
Job Responsibility
Job Responsibility
  • Provide subject matter expertise in information security as it relates to networks and systems
  • Manage the Firm’s security technology including but not limited to: anti-virus, vulnerability scanning, intrusion detection, content filtering, and insider threat systems
  • Review security events from all monitoring environments not integrated with the firm SIEM, and those events escalated by the SOC, on a daily basis, and follow defined incident response processes in their analysis and reporting
  • Monitor appropriate venues for threats to the security of the Wilson Sonsini Goodrich & Rosati environment. Provide notification to all impacted parties related to the actions needed to mitigate threats and manage the threat lifecycle in totality
  • Manage and lead evaluations of the firm’s environment by external 3rd parties. Produce recommendations that integrate any findings with the business needs of the firm
  • Maintain knowledge of the information security needs of firm clients and implement measures to satisfy those requirements in the most efficient manner
  • Keep abreast of emerging security technologies and discipline developments. Make appropriate recommendations that meet the firms needs
  • Design and build operational environments that scale to meet the needs of our security products and assure appropriate reliability
  • Support general troubleshooting related to information security tasks and provide support to end users as needed
  • Provide other teams with security consulting services, including responding to requests for additional information and assisting with specific projects
What we offer
What we offer
  • discretionary year-end merit bonus based on performance
  • highly competitive salary and benefits package
  • Fulltime
Read More
Arrow Right

Principal Security Engineer

We are seeking a visionary and hands-on Principal Security Engineer to architect...
Location
Location
United States , San Antonio
Salary
Salary:
Not provided
jobs.360resourcing.co.uk Logo
360 Resourcing Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of progressive experience in cybersecurity
  • At least 5 years dedicated to Application Security or Cloud Security engineering
  • Deep technical proficiency in AWS, including native security services (GuardDuty, Inspector, WAF, KMS) and IAM policy architecture
  • Strong coding/scripting background
  • Must be able to read and review code in languages such as Python, Go, Java, or Node.js
  • Expert knowledge of modern application security frameworks and standards, specifically OWASP Top 10, OWASP API Security Top 10
  • Proven experience implementing and managing DevSecOps pipelines (Jenkins, GitHub Actions) and toolchains (SonarQube, Snyk, Veracode, etc.)
  • Hands-on experience with Container Security (Docker, Kubernetes) and securing serverless architectures
  • Demonstrated ability to write clear, concise technical policies and procedures
Job Responsibility
Job Responsibility
  • Draft and own technical security policies and procedures for Engineering and Product teams
  • Serve as the primary security liaison to the Engineering and Delivery teams
  • Partner with the Head of InfoSec and GRC teams to maintain our Unified Control Framework
  • Architect and mature the Secure Software Development Lifecycle (SSDLC)
  • Lead threat modeling for new features and major architectural changes
  • Manage the Vulnerability Assessment and Penetration Testing (VAPT) program
  • Act as a mentor to developers, providing "just-in-time" training on secure coding practices
  • Own the security architecture for our multi-cloud environment (AWS, Azure, GCP)
  • Pioneer our AI Security Strategy
  • Design and maintain Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWPP) strategies
Read More
Arrow Right

Principal Security Engineer

The Microsoft Security Analysis & Fix Engineering (SAFE) team is dedicated to bu...
Location
Location
United States , Redmond
Salary
Salary:
139900.00 - 274800.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 4+ years of experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Risk Management, Cyber Security, or related field AND 6+ years of experience in software development lifecycle, large scale computing, threat modeling, cyber security, or anomaly detection
  • OR equivalent experience
  • Ability to meet Microsoft, customer and/or government security screening requirements
  • Required to pass the Microsoft background and Microsoft Cloud background check upon hire/transfer and every two years thereafter
Job Responsibility
Job Responsibility
  • Investigate code vulnerabilities and generalize code patterns for detections
  • Create static code analysis rules and expressions for finding vulnerable code patterns
  • Apply static code analysis and validate results manually and using automation
  • Improve tooling used in static code analysis and results processing
  • Assist with active incident research, detection, mitigation and post-incident response
  • Embody our culture and values
  • Fulltime
Read More
Arrow Right