Principal Security Engineer at Cashfree Payments India Private Limited
Bellandur, Karnataka, India
Full Time


Start Date

Immediate

Expiry Date

12 Aug, 26

Salary

0.0

Posted On

14 May, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

AWS Security Architecture, Kubernetes Security, DevSecOps, Terraform, Python, Go, API Security, Vulnerability Management, Threat Modeling, SIEM/SOAR, Zero Trust, CI/CD Security, PCI-DSS Compliance, IAM, Detection Engineering, AI-Driven Security

Industry

Financial Services

Description
Principal Security Engineer: End-to-End Security Posture, Architecture & Automation Leadership

Location: Bangalore (Work From Office)
Reports to: CISO

Cashfree Payments manages mission-critical payment and API infrastructure under RBI and PCI-DSS compliance. We require uncompromising security and resilience to handle high-volume financial transactions. We are building an automation-first, intelligence-driven security organization designed to scale with business growth without linear headcount expansion.

Role Summary
The Principal Security Engineer owns the security engineering strategy across application, cloud, and detection. This role partners closely with Engineering, Platform, and GRC teams, with the authority to define security standards, guardrails, and architectural baselines. This is an engineering-driven security leadership position, not a ticket-triage or compliance reporting role.

We seek a highly autonomous, hands-on security engineer to own and elevate the organization's security posture end-to-end. This is a builder's role focused on designing scalable systems. The role requires someone who:
● Operates independently, converting ambiguity into structured execution.
● Defines measurable security KPIs and delivers sustained improvement.
● Engineers scalable automation across the security lifecycle.
● Leads technical decision-making and mentors team members.
● Leverages AI and emerging technologies to amplify security impact.

Key Responsibilities

Enterprise Security Posture & Risk Engineering
● Define and track measurable KPIs (risk reduction, MTTR).
● Design and operationalize vulnerability lifecycle management.
● Translate RBI and PCI-DSS expectations into automated technical controls and build engineering-driven audit readiness frameworks.
● Identify and eliminate systemic security weaknesses.

Secure Architecture & Cloud Security Engineering
● Architect and secure multi-account AWS environments, hardening Kubernetes (EKS).
● Implement Zero Trust principles (mTLS, OAuth2, OIDC, JWT).
● Engineer IAM, secrets management, encryption controls, and network segmentation (VPC architecture, WAF).
● Embed security controls into Infrastructure-as-Code (Terraform).

Shift-Left & DevSecOps Automation at Scale
● Architect fully automated CI/CD-integrated security testing (SAST, DAST, SCA, container scanning, IaC scanning, secrets detection).
● Build policy-as-code guardrails, engineer contextual vulnerability prioritization, and drive security-as-code adoption to reduce manual review dependency.

Offensive Security & Threat Modeling Leadership
● Oversee and coordinate periodic VAPT engagements (internal and external).
● Conduct advanced white-box security assessments and lead structured threat modeling (STRIDE).
● Review authentication/authorization logic, evaluate API attack surfaces, and demonstrate exploitability where necessary.

Detection Engineering, Incident Leadership & Response Maturity
● Design scalable detection strategies using cloud-native telemetry (CloudTrail, Kubernetes logs) and SIEM/SOAR.
● Engineer contextual alerting, lead technical response during incidents, drive root cause analysis, and improve detection/response automation.

AI-Driven Security Innovation
● Implement AI-assisted secure code review and vulnerability triage.
● Identify and mitigate LLM security risks.
● Automate prioritization using contextual risk signals and continuously evaluate emerging AI-driven security technologies.

Technical Leadership & Team Elevation
Mentor team members, establish reusable security frameworks and engineering standards, influence architecture decisions, and build scalable security systems.

Technology Environment
● AWS (multi-account architecture)
● Kubernetes (EKS-based microservices)
● API-driven services (Java / Go / Node ecosystem)
● CI/CD pipelines (Git-based workflows)
● Infrastructure as Code (Terraform)
● Centralized logging and monitoring stack

Required Qualifications and Expertise
● B.Tech. in Computer Science, Electrical, or Computer Engineering, or equivalent work experience as a software engineering or security practitioner.
● 8+ years of deep hands-on security engineering experience (or equivalent architectural depth).
● Proven track record of independently driving security transformation.
● Strong expertise in: AWS security architecture, Kubernetes & container security, Secure SDLC & CI/CD integration, IaC security, API & authentication security, vulnerability lifecycle management, and detection engineering.
● Strong programming/scripting skills (Python / Go).
● Experience correlating technical risk to business impact.
● Ability to operate effectively without detailed managerial direction.

What Excellence Looks Like
● Security posture measurably improves quarter over quarter.
● Automation replaces repetitive manual effort.
● Critical vulnerabilities decline structurally.
● Detection and remediation timelines consistently improve.
● Audit cycles become predictable and engineering-driven.
● Security scales without proportional headcount growth.
Responsibilities
The Principal Security Engineer defines and executes the end-to-end security strategy across application, cloud, and detection layers. This includes architecting scalable automation, implementing Zero Trust principles, and ensuring compliance with RBI and PCI-DSS standards.