Job Description
Company Description
👋🏼 We’re Nagarro.
We are a Digital Product Engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at scale across all devices and digital mediums, and our people exist everywhere in the world (17500+ experts across 39 countries, to be exact). Our work culture is dynamic and non-hierarchical. We’re looking for great new colleagues. That’s where you come in!
Job Description
Must-have skills: Cyber Risk Management, Technology Architect - Governance and compliance, Cloud Security.
Good-to-have skills: Security Roadmapping, Code Security Review
We are seeking an experienced Cyber Security Architect to design, implement, and continuously improve the security architecture across our enterprise systems, cloud environments, and application ecosystem. This role requires strong expertise in secure design principles, threat modeling, cryptographic systems, hardware security module (HSM) operations, and evaluating software integrations for security and compliance.
Key responsibilities:
- Develop and maintain enterprise-level security architecture, reference models, and security patterns.
- Conduct threat modeling (using STRIDE, DREAD, LINDDUN, or similar methodologies) for applications, APIs, and infrastructure.
- Review high-level and low-level solution designs for security gaps and recommend mitigations.
- Define secure coding guidelines and assist development teams in secure implementation.
Cryptography & Hardware Security Module (HSM)
- Manage and operate HSMs (Thales, nCipher, Azure Key Vault Managed HSM, AWS CloudHSM, etc.).
- Oversee lifecycle operations: key generation, rotation, storage, distribution, and decommissioning.
- Implement and enforce cryptographic standards (AES-256, RSA 2048/4096, ECC, TLS 1.2/1.3, etc.).
- Integrate HSMs into application workflows and enterprise systems.
Compliance & Security Validation
- Validate third-party and internal software integrations for compliance (ISO 27001, PCI DSS, SOC 2, local regulatory standards).
- Perform architectural risk assessments and oversee secure onboarding of vendors and SaaS platforms.
- Ensure alignment of solutions with Zero Trust principles and enterprise security policies.
Cloud & Infrastructure Security
- Architect secure solutions in cloud environments (Azure, AWS, GCP).
- Define IAM, network segmentation, encryption, and logging strategies.
- Evaluate and enhance container and Kubernetes security.
Incident Response & Governance
- Contribute to incident response planning and root cause analysis.
- Maintain security documentation, roadmaps, and architectural standards.
- Collaborate closely with DevOps, development, networking, and governance.
Qualifications
- 7-12 years of total experience in cyber security, information security, or related fields.
- 3-5 years specifically in security architecture or security engineering roles.
- Hands-on experience with enterprise security tools, cloud security configurations, and security frameworks.
- Experience working in regulated or compliance-driven environments (e.g., PCI DSS, ISO 27001, GDPR, KSA regulatory requirements).
- Education: Bachelor’s or Master’s degree in Computer Science, Cyber Security, Information Systems, or a related field (or equivalent practical experience).
- Knowledge of security architecture frameworks (SABSA, TOGAF, NIST CSF, NIST 800-53).
- Proficiency in threat modeling and secure design methodologies.
- Hands-on experience with HSMs, cryptography, and key management systems.
- Deep understanding of IAM, network security, cloud security, and API security.
- Experience with secure SDLC and DevSecOps practices.
- Knowledge of SIEM, SOAR, endpoint security, and vulnerability management tools.
- Ability to evaluate software for regulatory compliance and conduct risk assessments.
- Strong documentation and communication skills.
Good to have skills
- Experience with microservices security, container security (Docker, Kubernetes).
- Familiarity with SAST, DAST, SCA, and IaC security scanning tools.
- Knowledge of PKI, certificate management systems, and digital signatures.
- Experience in payments security, tokenization, or financial industry standards.
- Exposure to OT/IoT security.
- Scripting/automation skills (Python, PowerShell, Bash).
- Understanding of Zero Trust and Secure Access Service Edge (SASE) architectures.

