Security Engineering Lead Customer Experience Group

The Security Engineering Lead owns and continuously improves the organization s security posture across cloud platforms, enterprise systems, applications, AI solutions, and third-party services.

This is a hands-on leadership role combining governance, engineering validation, automation, and client-facing security representation. Security must be embedded into architecture, development workflows, AI adoption, and operational practices in a scalable and structured way.

Your duties will also involve:

Key Responsibilities

1. Own and maintain the ISMS aligned with ISO 27001
2. Manage risk assessment frameworks, policies, and security KPIs
3. Ensure alignment with client security requirements
4. Drive continuous maturity improvement

1. Operate a structured vulnerability management program
2. Conduct internal scans and coordinate external penetration testing
3. Validate remediation and track resolution progress
4. Provide structured reporting on risk posture

1. Define secure coding standards and security gates
2. Implement SAST, DAST, and dependency scanning
3. Integrate security into CI/CD pipelines
4. Review high-risk features and validate remediation

Automation-first approach, with targeted manual validation when required.

1. Define and validate cloud security baselines
2. Review IAM models, network segmentation, firewall and WAF controls
3. Ensure encryption, logging, monitoring, and least-privilege principles
4. Lead Microsoft 365, Defender, endpoint, and identity security governance

Hands-on ownership of enterprise security controls.

1. Assess vendor security posture prior to adoption
2. Maintain vendor risk framework
3. Respond to client security questionnaires and due diligence
4. Support contract-level security discussions

1. Assess security implications of new tools and AI platforms
2. Define guardrails for responsible AI and data usage
3. Ensure secure-by-design technology adoption

1. Maintain incident response plans and escalation procedures
2. Coordinate security incidents across environments
3. Lead post-incident reviews and corrective actions

1. Promote security awareness and best practices
2. Train teams on secure development and operations
3. Continuously improve automation and controls

Security is a business enabler, not a blocker

Technical Skills

• Strong cloud security and architecture validation expertise
• Network security, firewall, and web application protection knowledge
• DevSecOps and CI/CD security integration
• Application vulnerability assessment capability
• AI and third-party tool risk evaluation

Soft Skills

• Strong ownership mindset
• Risk-based decision making
• Clear communicator with technical and non-technical stakeholders
• Comfortable in client-facing discussions
• Structured and composed during incidents
• Automation and continuous improvement oriented