
Principal Security Architect
- Palo Alto, CA
- Permanent
- Full-time
- Security Strategy and Planning: Defining and implementing the organization's security strategy, roadmaps, and long-term vision.
- Security Architecture Design: Developing and maintaining the overall security architecture, including defining security frameworks, standards, and controls.
- Incident Response: Participating in incident response activities, providing expertise in identifying, containing, and recovering from security incidents.
- Risk Management: Identifying and assessing security risks, developing mitigation strategies, and ensuring alignment with business objectives.
- Security Compliance: Ensuring compliance with relevant security regulations, industry standards (e.g.,
- Security Architecture Design: Ability to design and implement secure and scalable architectures across various environments (e.g., cloud, containerized, on-premises), including developing and maintaining threat models and security reference architectures, with a strong emphasis on Zero Trust principles.
- Security Operations & Incident Response: Experience with Security Information & Event Management (SIEM) systems, vulnerability scanners, malware analysis, and handling security incidents. The ability to lead threat modeling activities and support penetration testing is also important.
- Networking: In-depth knowledge of networking principles, including routers, switches, firewalls, load balancers, and wireless devices, as well as network security protocols and technologies like VLANs, VPNs, IDS/IPS, and network segmentation.
- Cloud Security: Expertise in cloud security principles and technologies across major platforms like AWS, Azure, and GCP, including implementing security controls and best practices in cloud environments.
- Identity and Access Management (IAM): Strong understanding of enterprise IAM systems, including platforms like Okta, SailPoint, and Active Directory (AD), and the ability to implement and manage secure access controls based on the principle of least privilege.
- Data Protection: Knowledge of data protection methods like encryption, pseudonymization, and shuffling, and how to apply them effectively to safeguard against data corruption, compromise, and loss.
- Security Testing & Analysis: Experience in conducting penetration testing, vulnerability assessments, ethical hacking, and risk analysis to identify and mitigate security risks.
- Security Automation & DevSecOps: Hands-on experience with security automation tools and scripting languages (e.g., Python, Lambda, Terraform) to streamline security processes and embed security into CI/CD workflows and Infrastructure-as-Code (IaC) processes.
- Security Tools & Technologies: Proficiency in using various security tools and technologies, including SIEM platforms, XDR, cloud-native threat detection tools, vulnerability scanners, and encryption tools.
- Operating Systems: Experience with various operating systems, including Windows, Linux, and UNIX.
- Application Security: Experience in web application security, OWASP, API security, and secure design and testing.
- SaaS Security: Experience with SaaS permission management and with SSPM (SaaS Security Posture Management).
- AI for Security: Real-world experience with AI/LLM/agentic technologies for security, especially adopting LLMs in SIEM rule and SOAR optimization.
- Scripting skills in Python, PowerShell or Bash
- Education: Typically, a master’s degree in Computer Science, Information Security, or a related technical field is required.
- Minimum of 10-12+ years of progressive experience in cybersecurity, including at least 5-7 years in a security architecture or senior-level engineering role.
- Experience securing workspace and key enterprise systems, including IAM, e-mail, DevSecOps, SaaS, and back-office systems.
- Essential soft skills: Analytical Thinking; Problem-Solving; Risk Management; Adaptability & Continuous Learning; Attention to Detail
- Experience working with remote, globally distributed teams
- Relevant certifications: