Position Title: Principal Security Architect
Location : US Remote 100%
Level : Director / Principal
About the role:
As the world moves even more online due to the coronavirus pandemic, customers are connected and empowered like never before. Customers want an immediate, personalized and consistent experience, no matter which channel they choose to engage with a brand. Sprinklr helps brands meet the demands of today’s customers by providing them with the insights they need to make every interaction matter. Sprinklr is a Customer Experience Management (CXM) platform for modern enterprises with 2500+ employees helping the world’s most valuable enterprises make their customers happier. Learn more about our culture and how we make our employees happier through The Sprinklr Way.
Sprinklr is hiring for an exciting security position as it builds a world class security team. This role will fall under the product security vertical where you will play a central role in shaping the technical strategy and vision for Sprinklr’s AppSec, InfraSec and tooling programs. You need to enjoy building, breaking, consulting, educating and assessing risk across a wide range of technologies and clouds. If you like going deep and broad at the same time and have previously worked in a security role, this opportunity will truly excite you. This role will report to the Head of Product Security and is a part of the central security team at Sprinklr
The person joining this position will technically influence the companywide product security program and roadmap.
- Define baseline security standards for application and public clouds that will act as the blueprint for Sprinklr’s security program.
- Drive Sprinklr’s Secure Software Development Lifecycle and educate and onboard product teams to it.
- Help proactively assess security risk through product deep dives, threat modelling, requirements, design, architecture and implementation reviews.
- Review architecture, vulnerabilities, code, tool findings etc for products deployed in FedRAMP cloud environments.
- Partner with product teams, Engineering/R&D, DevOps, peers and security champions on all things product security.
- Identify common security design patterns and influence adoption of central secure platforms and solutions.
- Understand, research and internalize external vulnerabilities and security trends.
- Identify opportunities for security tooling and automation.
- Ideate, prototype and experiment with tools with a goal to scale Sprinklr’s security program.
- Help improve security tooling, processes and how product teams approach security in their day to day work.
- Be a security advocate and subject matter expert within the organization and be able to effectively communicate security risk and concepts to both technical and non-technical audiences.
- Collaborate closely with the Security, Legal, and R&D/Engineering teams to create a committed roadmap for security fixes and enhancements.
- Roll up your sleeves in urgent or reactive situations.
Skills & Qualifications:
- 8 to 10 years of experience in application and/or infrastructure security OR experience as software developer or architect in large-scale, distributed software projects, preferably with cloud service providers (SaaS, IaaS, PaaS)
- Have sound security concepts with proficiency in web security (OWASP10) and Android/iOS security.
- Deep understanding of security controls for modern architecture, especially AWS, Azure, GCP, and Kubernetes-based delivery platforms
- Comprehensive experience in selecting, operating, and rationalizing security tooling for common security processes, including SAST, DAST, IAST, RASP, SCA, etc.
- Experience in threat modeling, security code reviews with an eye to identify security flaws.
- Experience triaging, identifying and prioritizing security risk with a clear understanding of its impact to an organization.
- Experience with running a bug bounty program and interfacing with the external security community will be an added plus.
- Excellent written and verbal communication skills.
- Be a continuous learner and have the knack to learn new technologies, trends and concepts.
- The applicant should be a citizen or permanent resident of the United States (for FedRAMP).
Nice To Have:
- A degree (Bachelors, Master, PhD) in Computer Science, Security or a related discipline.
- Experience with CI/CD pipelines and supply chain security.
- Basic knowledge of GitOps, infrastructure as code
- Contribution to or experience using open source security tooling.