Principal Security Engineer

SoftwareOne is looking for an experienced Principal Security Engineer who possesses a blend of technical expertise, strong communication skills, and knowledge of the compliance process. SoftwareOne's Marketplace Platform is a digital two-sided business automation platform for client engagement and vendor interaction. It provides a streamlined experience for clients to access, purchase, and manage various software products and services. As we continue to expand and enhance our offerings, we are committed to ensuring the highest level of security for our users. The Principal Security Engineer will be leading our efforts in establishing a robust security framework. Responsibilities: This role is critical in introducing security best practices and setting a security standard that all teams will strive to meet. You will work closely with our development, product and operations team to ensure our platform is secure and resilient against threats. Develop and implement a comprehensive security strategy for our marketplace platform Introduce and apply security best practices across the development lifecycle Work closely with development teams to integrate security into the design and development of new features and functionalities. Creating fun ways to spread technical security awareness throughout the engineering department Provide training and guidance to development and product teams on secure coding practices and threat modeling. Consider how malicious parties may compromise our systems, and advise developers and product managers on what defenses are needed Penetration testing – identify security vulnerabilities on our production or staged applications during internal pen test or help coordinate with external resources Taking ownership and responsibility of security audits, remediations and compensating controls Collaboration with the compliance and privacy teams – help ensure that our company complies with industry best practices and standards Playing a leadership role during any security events by evangelizing and conducting the right behaviors to achieve best outcomes What we need to see from you: Proven in-depth experience of cyber security in a SaaS product environment. A hands-on engineer, who can implement security solutions and identify risks Experience of working with engineering teams to evangelize and improve security practices Implemented security policies and solutions via code Cloud experience - Azure is preferred, although a very strong candidate with significant AWS experience will be considered An effective and patient communicator, willing to devote extensive time towards teaching and advocacy in an engineering organization Able to navigate compliance processes, interfacing with the SoftwareOne CISO office, working with external consultants, and communicating with customers Able to intuitively solve highly complex problems Able to pragmatically prioritize and work calmly and effectively under pressure Recent experience of working on a green or blue team is an advantage Fluent English language capability