Platform Security Engineering Lead - Aquanow
  • N/A, Other, Canada
  • via Jobleads.com
Job Description

About the Role

We are seeking a seasoned Platform Security Engineer to lead all aspects of platform security. This is a senior role that blends technical vision and leadership with hands-on work embedding security and resilience. The role requires excellent communication skills and the ability to drive and deliver a razor-sharp path for improving Aquanow’s security posture across platforms and services.

What You’ll Do:

  • Security Engineering and Architecture: Development and review of security architecture for all platforms, services, APIs and CI/CD pipelines.
  • Lead and execute threat modelling efforts across the Engineering team.
  • Lead and perform security architecture reviews and ensure technical decisions are aligned with risks and engineering velocity.
  • Partner with Engineering and promote security practices such as hardening standards for applicable components, logging practices etc.
  • Work with the broader Security team, Engineering and GRC to tune and scale security tooling, automation and secure processes.
  • Design, review, and ensure security controls, including authentication/authorization, secret management, account takeover protection, and application layer threat detection.
  • Work closely with developers to code securely from the outset and address issues early during coding and testing phases. Ability to conduct in-depth security reviews of application code.
  • Enhance security tool accuracy and oversee vendor/open-source proof-of-concepts (PoVs).
  • Evangelize security culture through a security champion program and technical, developer-focused security training.

Strategic

  • Define and help execute a comprehensive platform security strategy that aligns with business, technology and product objectives.
  • Establish KPIs, OKRs and reporting mechanisms.
  • Guide Engineering teams in designing and integrating security aspects into Aquanow’s products, services, and software development lifecycle.
  • Help to continue to develop team and security service capabilities across the Security domains in close collaboration with the broader Security and GRC teams.

You’ll Need to Have:

  • 10+ years of experience working with AWS cloud architecture and application security with a strong software engineering foundation.
  • Expert understanding of mobile, web, cloud, container, and cryptographic technologies and security practices.
  • Offensive security minded with in-depth knowledge of current and emerging cyber threats, testing procedures, and their mitigations.
  • The ability to quickly and deeply learn new technology stacks and modern CI/CD pipelines, including Docker, Kubernetes, AWS, Node.js and gRPC.
  • Experience with Java and related toolchains
  • Experience with manual source code review and embedding security into code in production environments.
  • Experience with deploying application security tools in the CI/CD pipeline
  • Relevant certifications (e.g. OSCP, OSWE, GWAPT, CISSP) are a plus.
  • Strong knowledge of security principles, best practices, and common vulnerabilities (e.g., OWASP Top 10)
  • Experience with SAST, SCA, and DAST, with the ability to address real-world challenges in these areas.
  • Familiarity with CI/CD tools such as GitHub Actions, Jenkins or CircleCI.
  • Ability to work independently and problem solve.
  • Strong independent critical thinking with the capability to form, check and challenge opinions through knowledge sharing.
  • Skillful in assessing and managing security risks with a pragmatic solution-first approach.

The Interview Process:

  • Stage 1: A 45-minute intro with the IT Security Lead
  • Stage 2: A 60-minute deep dive with the VP of Engineering
  • Stage 3: A 45-minute video call with the CISO
  • Stage 4: Potential for a short follow up video call