Senior Principal Security Architect – Cloud & Application Security en Saviynt

As a Principal Security Architect in the Engineering department, you will play a critical role in
helping define, implement, and continuously improve our cloud security strategy, architecture,
and engineering practices. This is a senior, hands-on role that combines security architecture
leadership with deep technical execution across cloud, application, and DevSecOps domains.

 

You will work closely with engineering, product, DevOps, and Infosec teams, as well as
customers and partners, to identify, prioritize, and remediate security risks across cloud
platforms and applications. You will also help drive secure-by-design principles across agile and
scrum teams, ensuring security is embedded throughout the development lifecycle.

 

 

    

Key Responsibilities

Security Architecture & Strategy

Define, assess, and evolve the cloud security architecture and strategy across AWS, Azure, and GCP environments.

Lead and participate in cloud security architecture reviews, threat modeling sessions, and design assessments aligned to industry best practices.

Act as a subject-matter expert in CNAPP, CWPP, and CSPM technologies and cloud security risk frameworks.

Participate in Certification

Application & Cloud Security Engineering

Identify, analyze, and remediate cloud and application security issues on a day-to-day basis.

Analyze and remediate CSPM and CWPP findings, including identity risks, network exposure, vulnerabilities, and compliance gaps.

Work hands-on with development teams to design secure systems and implement fixes for security vulnerabilities.

Provide expert guidance on OWASP Top 10 vulnerabilities and lead remediation efforts across applications.

Identity & Access Security

Design and implement secure authentication and authorization solutions.

As an Identity security company, Strong knowledge of Identity security principals and security processes is a Must Have.

Demonstrate deep hands-on expertise with SAML, OAuth 2.0, and related identity protocols, including writing and reviewing production-grade code.

DevSecOps & CI/CD Integration

Collaborate with DevOps and engineering teams to embed security into CI/CD pipelines and deployment workflows.

Build, review, and improve integrations between CI/CD pipelines, ticketing systems, and SIEM/SOAR platforms.

Perform technical health checks of cloud environments and DevSecOps pipelines prior to large-scale or production deployments.

Risk Management & Governance

Prioritize security risks based on business impact and attack paths, partnering closely with Product Management to drive remediation focus.

Create and maintain dashboards, metrics, and executive-level reports for security governance and leadership visibility.

Participate in internal and third-party audits, supporting evidence collection and remediation activities.

Collaboration & Communication

Lead and participate in security-related discussions with customers, partners, and internal stakeholders.

Work closely with InfoSec teams to develop communication plans and messaging for security issues and changes.

Communicate security risks, remediation plans, and architectural decisions clearly to scrum teams and leadership.

       

- Complete security & privacy literacy and awareness training during onboarding and annually thereafter

- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):

> Data Classification, Retention & Handling Policy

> Incident Response Policy/Procedures

> Business Continuity/Disaster Recovery Policy/Procedures

> Mobile Device Policy

> Account Management Policy

> Access Control Policy

> Personnel Security Policy

> Privacy Policy