About the role
Job Overview:
Welcome to Decision Foundry!
Decision Foundry is a cloud-native, AppSec-first data and decisioning organization operating across the US, India, and Canada. As Principal Security & Cloud Engineer, you are our most senior hands-on technical authority across cloud infrastructure, application and AI security, and the engineering side of Governance, Risk, Compliance & Privacy (GRC).
About Role:
This is a deep, hands-on technical-lead role. You set technical direction and build secure cloud and AI systems yourself, and you also carry full operational ownership of the IT Department — running day-to-day IT operations and service delivery end to end. You raise the bar across the engineering organization through mentorship and reusable standards, leading by expertise and influence rather than formal people management.
What You'll Do
Cloud Infrastructure & Engineering (AWS - primary , Azure/M365 - secondary)
- Design and build secure, cost-aware cloud infrastructure on AWS (ECS, Lambda, Amplify, VPC, Aurora/RDS, S3, CloudFront), with Azure/Microsoft 365 secondary.
- Define Infrastructure-as-Code (Terraform/CloudFormation) and secure CI/CD (GitHub Actions) so secure configuration is the default.
- Keep cloud services reliable and observable, and act as the senior technical escalation point for infrastructure incidents.
Security and Application Security
- Own Decision Foundry’s three-layer AppSec framework and keep it embedded in how teams build.
- Run cloud and application security tooling (CSPM/CNAPP, SAST/DAST, vulnerability management) and software supply-chain security (SBOM via CycloneDX, Trivy/Syft, Dependency-Track).
- Lead threat modeling, secure design reviews, and VAPT cycles across web, standalone, and agentic AI applications.
AI & LLM Security
- Secure Decision Foundry’s AI/LLM footprint across AWS Bedrock and direct-provider integrations.
- Defend against AI-specific threats (prompt injection, jailbreaks, data/model exfiltration, RAG poisoning), aligned to the OWASP LLM Top 10, NIST AI RMF, MITRE ATLAS, and ISO 42001.
- Implement AI guardrails, RAG security, and model/prompt governance, and validate AI data-residency claims (e.g. PHI in US and Canada regions).
Governance, Risk, Compliance & Privacy
- Provide the hands-on technical implementation behind ISO 27001, SOC 2, GDPR, DPDP, and HIPAA.
- Lead internal and external audits and certification programs, and own the technical answers to client security questionnaires.
- Maintain data flow diagrams, security dashboards, IT & security metrics, and risk registers.
IT Operations & Department Ownership
- Hold end-to-end ownership of the IT Department — IT operations, service delivery, and SLA compliance across all locations.
- Own the service desk / ITSM platform and processes, ensuring adequate coverage during business hours and timely resolution.
- Manage endpoints, identity, email (Microsoft 365 / Entra ID), networks, and servers, including user onboarding/offboarding and access lifecycle.
- Own IT asset lifecycle, software licensing, vendor relationships, and IT procurement, and plan the annual IT budget and capacity for assigned locations.
- Maintain IT & security policies and standards, and report IT & security program status, metrics, and risks to the business.
Technical Leadership & Monitoring
- Raise the engineering bar through design reviews, reusable standards, and runbooks — leading by influence.
- Mentor IT and security engineers on cloud, AppSec, and AI-security practices.
- Deliver security awareness and technical enablement, and act as the senior technical point of contact for vendors and stakeholders.
Requirements
Core Technical Skills
- Deep, hands-on cloud engineering expertise on AWS (ECS, Lambda, Amplify, VPC, IAM, Aurora/RDS, S3, CloudFront), with working knowledge of Azure / Microsoft 365.
- Strong networking, Linux/Windows, and systems fundamentals, plus production experience with Infrastructure-as-Code (Terraform/CloudFormation) and CI/CD (GitHub Actions).
- Proven application and cloud security engineering: IAM and least-privilege design, secrets management, SAST/DAST/CSPM tooling, VAPT, threat modeling, and software supply-chain security (SBOM).
- Practical experience securing AI/LLM systems — Bedrock or comparable platforms, prompt-injection defenses, guardrails, and RAG security — mapped to OWASP LLM Top 10, NIST AI RMF, MITRE ATLAS, and ISO 42001.
- Hands-on GRC engineering experience implementing and evidencing ISO 27001, SOC 2, GDPR, DPDP, and HIPAA controls in a cloud-native environment.
- Experience managing service desk / ITSM systems and tools, and a working knowledge of relevant industry standards, best practices, and legal/regulatory requirements.
- Strong written and verbal English for policy, standards, and design documentation, and an interest in clear technical communication and content related to information security.
- Flexibility to collaborate across US, India, and Canada time zones as required (no night shifts).
Experience & Qualifications
- 13–15 years in IT/cloud engineering and IT service delivery, with deep expertise in information security — ideally including cloud security, application security, and GRC.
- A track record as a senior hands-on technical lead who both builds systems directly and owns IT operations / service delivery end to end.
- Degree or Diploma in IT, Computer Science, or a related field.
- Preferred certifications: ITIL, CISM, Security+. Cloud certifications (e.g. AWS Solutions Architect / Security Specialty) are strongly valued.
- ISO 27001 Lead Implementer / Lead Auditor certification is an added advantage.
- AI/ML security or governance credentials (e.g. ISO 42001 awareness, AI security training) are a plus given the role’s focus.