Principal Security Engineer

Who are we?
Smarsh empowers its customers to manage risk and unleash intelligence in their digital communications. Our growing community of over 6500 organizations in regulated industries counts on Smarsh every day to help them spot compliance, legal or reputational risks in 80+ communication channels before those risks become regulatory fines or headlines.  Relentless innovation has fueled our journey to consistent leadership recognition from analysts like Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008.
Summary
The Principal Security Engineer a member of our InfoSec team charged with developing the systems, policies, and procedures for delivering our services securely in line with our organization's security strategies. This role involves providing expert guidance on security architecture, conducting risk assessments, and leading the design of complex security solutions. You'll work closely with cross-functional teams to embed security into the software development lifecycle, define and enforce security policies, and lead incident response efforts.

How will you contribute?

• Provide expert guidance on security architecture, technologies, & best practices across the organization.
• Lead the design & implementation of complex security solutions for web applications & APIs.
• Conduct in-depth risk assessments, security reviews, & threat modeling.
• Collaborate with cross-functional teams to integrate security into the software development lifecycle, including CI/CD pipelines.
• Define & enforce security policies, standards, & procedures, ensuring alignment with industry regulations & internal requirements.
• Lead incident response & forensic investigations for complex & high-impact security incidents.
• Provide subject matter expertise in security-related discussions with customers, partners, & regulatory bodies.
• Drive security automation initiatives to streamline security processes, reduce manual intervention, & improve efficiency.
• Lead red team exercises & vulnerability assessments to identify weaknesses in systems & applications.
• Collaborate with executive leadership to align security initiatives with business goals & strategies.
• Collaborate with legal & compliance teams to ensure adherence to privacy regulations & data protection requirements.
• Lead the development & maintenance of incident response plans, playbooks, & communication strategies.
• Play a key role in representing the organization during audits & compliance assessments.
• Lead the creation of comprehensive security documentation & training materials for both technical & non-technical audiences.
• Educate developers on secure coding best practices, conduct workshops, & provide guidance on writing secure code to prevent vulnerabilities.
• Collaborate with cross-functional teams to design & implement security controls that address business continuity & disaster recovery needs.

What will you bring?

• A Bachelor's degree in Computer Science, Information Technology, or a related field, or a combination of education & experience.
• A minimum of 9+ years of IT experience.
• 7+ years of dedicated security experience.
• Expertise with container technologies & orchestration platforms (Docker/Kubernetes).
• Deep expertise in network security, network technologies, & monitoring tools.
• Extensive experience in delivering security tests across CI/CD pipelines using various testing methodologies (SAST, DAST, runtime testing), particularly against industry standards like NIST.
• Strong background in developing security practices for multiple Infrastructure-as-a-Service (IaaS) platforms (AWS, GCP, Azure, vSphere).
• Thorough experience in configuration management technologies (Puppet, Chef, SaltStack, etc.).
• Proficiency in build & packaging processes in a Linux/Java environment (Maven, rpm, etc.).
• Advanced programming & scripting skills (Python, Ruby, GO, Bash, etc.).
• Hands-on experience in designing & implementing security solutions, including firewalls, intrusion detection systems, authentication systems, & more.
• Effective communication skills to collaborate with cross-functional teams & convey security concepts to non-technical stakeholders.
• In-depth understanding of cybersecurity principles, practices, & methodologies.
• Familiarity with common cyber threats, attack vectors, & vulnerabilities.
• Proficient with incident response procedures & best practices.
• Expert with vulnerability management tools & practices.
• Knowledge of cryptographic protocols & key management.
• Proficiency in scripting languages (e.g., Python, PowerShell) to automate security tasks.
• Dedication to staying updated with the latest security trends, tools, & techniques.
• Proficiency in creating clear & comprehensive security documentation, reports, & procedures.
• Familiarity with relevant regulations (GDPR, HIPAA, etc.) & industry standards (ISO 27001, NIST).

About our culture
Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.