Senior AI Cloud Security Engineer

About the Role

We are seeking a highly experienced and action-oriented Senior Security Engineer to join the

Grand Central Platform team. This role focuses on developing and maintaining the robust

security posture of platforms key to our business, including the IPaaS (Integration Platform as a

Service) and the AI Agentic platform, which serve both internal employees and external financial

institution customers.

The ideal candidate possesses a strong technical and hands-on approach. You won't just

identify vulnerabilities and explain risks; you will actively collaborate with the team to implement

fixes. Our team champions the principle of "security as everyone's responsibility," adhering

strictly to established security standards and conventions.

What You'll Do & Key Responsibilities

1. Platform Security Ownership:

Own the overall security posture of the Platform.

Act as the security representative for the team, conducting threat modeling, vulnerability

testing, risk analysis, and security assessments, and supporting incident handling.

Mentor team members and contribute to the growth of the team's security capabilities.

Propose and drive security initiatives, collaborating across various teams within the

company, and actively participate in the Security Guild.

2.Architecture, Design & Cloud Security Implementation (Azure Focus):

Collaborate with architects to enforce the secure by design principle for new Platform

components.

Design, implement, and maintain secure cloud infrastructure and controls within Azure

environments.

Ensure compliance with relevant security standards and regulations through regular

security assessments and risk analyses.

Implement and maintain cloud security best practices across Azure environments.

Bring deep expertise to designing and developing architectures that enhance visibility,

detection, mitigation, and observability.

3. Threat and Risk Management:

Conduct comprehensive risk assessments, threat modeling, and penetration testing.

Identify vulnerabilities and recommend strategic mitigation strategies for cloud security

threats.

Secure cloud network architectures (Networking & Security).

4. Identity, Access, and Monitoring:

Design and enforce least privilege access and secure authentication mechanisms

(Identity & Access Management - IAM).

Maintain security monitoring tools (SIEM, CSPM, EDR), investigate threats, and manage

security incident response.

5. DevSecOps & Automation:

Embed security into CI/CD pipelines using DevSecOps methodologies.

Automate security compliance checks and vulnerability assessments.

Utilize expertise in Terraform or OpenTofu for Infrastructure as Code (IaC) security

automation.

Collaborate with development teams to integrate security into the Secure SDLC,

promoting secure coding practices and regular security testing.

Required Qualifications

8+ years of hands-on experience in cloud security, DevSecOps, or cloud engineering

with a dedicated security focus.

Deep expertise in Azure cloud security architecture and services.

Strong experience with Cloud IAM, specifically: Azure AD, RBAC, PIM, and

Conditional Access.

In-depth knowledge of IAM, RBAC, and access policies in Azure.

Proven experience in designing and maintaining cloud-based IaaS, PaaS, and SaaS

environments.

Expertise in Terraform or OpenTofu for IaC security automation.

Experience with security monitoring tools SIEM, CSPM, EDR (e.g., Azure Sentinel,

Defender for Cloud).

Strong proficiency in scripting and automation (Python, Go, Bash).

Solid networking knowledge, including firewalls, VPNs, VNET peering, and WAF.

Experience in DevSecOps and embedding security into CI/CD pipelines, along with a strong understanding of Secure SDLC.

Familiarity with security compliance standards (e.g., NIST, CIS, ISO 27001, SOC 2).

Familiarity with LLM/AI system vulnerabilities (e.g., prompt injection, data poisoning, adversarial attacks).

Demonstrated ability to identify, triage, and resolve security issues across traditional and

AI-based systems. Offensive security experience is a significant plus.