
Nasuni

Principal Security Architect - SaaS Cloud

Remote or Hybrid
Hiring Remotely in United States
Expert/Leader
Senior individual contributor responsible for defining and governing secure multi-cloud SaaS architecture, embedding security-as-code into IaC and CI/CD, leading security design reviews and threat modeling, driving application and AI security standards, mentoring teams, and partnering with engineering and executive leadership to institutionalize scalable security architecture and governance.
The summary above was generated by AI

THE OPPORTUNITY

We are looking for a Principal Security Architect to serve as the principal security architecture authority responsible for defining, governing, and evolving security architecture standards across Nasuni's SaaS platform and engineering organization. The Principal Security Architect will influence security outcomes across multiple engineering organizations and serve as a key partner to executive leadership in shaping the future security posture of Nasuni's cloud-native platform. This is a senior individual contributor role reporting directly to the CISO, with broad influence across product, engineering, and infrastructure teams.  You will set architectural standards, lead complex security design efforts, define our DevSecOps and cloud-native security posture, and serve as a trusted partner to engineering and product leadership.  This role serves as the final architecture authority for security design standards, security architecture reviews, and security exception recommendations, ensuring consistency across product and platform engineering initiatives.

WHAT YOU WILL DO

Define and Own Secure Cloud-Native Architecture

  • Design and enforce security reference architectures for Nasuni's multi-cloud SaaS platform across AWS, Azure, and GCP, covering areas like workload identity, network segmentation, tenant isolation, encryption standards, and blast radius containment.
  • Embed security controls directly into Infrastructure as Code, CI/CD pipelines, and cloud control planes using a security-as-code approach, making guardrails preventative by default, not detective after the fact.
  • Own the evolution of API security patterns, service-to-service authentication, secrets management, and authorization boundaries across our SaaS architecture.
  • Define and own the lifecycle of security reference architectures, reusable security patterns, and architecture standards adopted across engineering teams.

Lead Product and Application Security

  • Lead the security architecture review process, providing architectural guidance, governance decisions, and risk-based exception recommendations for critical engineering initiatives.
  • Partner with product and engineering teams as the authoritative security SME throughout the software development lifecycle, from design and threat modeling through code review, testing, and deployment.
  • Lead threat modeling and security design reviews for complex product features, API integrations, and infrastructure changes.
  • Drive consistency of SAST/DAST tooling, dependency scanning, and secure SDLC practices across engineering teams.
  • Define and govern application security standards including input validation, authentication, authorization, and data protection patterns.
  • Lead or oversee penetration testing programs and responsible vulnerability disclosure processes.

Architect for AI Security and Governance

  • Design and review secure architectures for AI-enabled product capabilities, including LLM workflows, RAG pipelines, agentic systems, and Model Context Protocol integrations, with rigorous controls for tenant isolation, prompt safety, data ingestion, authorization boundaries, and output auditability.
  • Partner with Engineering, Product, Legal, and GRC teams to define governance controls for AI-enabled product capabilities and third-party AI technologies incorporated into Nasuni's SaaS platform.
  • Evaluate emerging AI-driven security capabilities and guide responsible adoption to strengthen detection, response, and secure development workflows.

Own Cross-functional Security Efforts

  • Define and evolve Nasuni's long-term security architecture strategy, translating business, product, and technology objectives into scalable security capabilities and architectural roadmaps.
  • Provide final architectural guidance on security trade-offs involving platform scalability, customer experience, operational complexity, and risk tolerance.
  • Lead risk-based architecture trade-off discussions across security, privacy, usability, and delivery velocity — documenting decisions clearly so teams can move with confidence.
  • Institutionalize automated architecture assurance through policy-as-code, static analysis, and runtime controls that continuously validate Zero Trust principles and internal standards.
  • Serve as a trusted technical advisor to engineering leadership, translating complex security risk into actionable architectural guidance.

Build Security Architecture Capability

  • Establish security architecture practices that scale across engineering organizations.
  • Mentor senior engineers and security practitioners in secure design and architectural thinking.
  • Create reusable standards, design patterns, threat models, and engineering guidance that improve security outcomes across multiple teams.
  • Raise architectural maturity through education, governance, and technical leadership.

WHAT YOU WILL BRING

Experience

  • Progressive experience in security engineering, architecture, or related technical disciplines.
  • Demonstrated experience in product security, application security, or platform security within a SaaS or cloud-native software company.
  • Track record of leading complex cross-functional security initiatives and influencing engineering culture without direct authority.
  • Demonstrated ownership of security architecture standards and governance processes used across multiple engineering teams or product organizations.

Technical Depth

  • Deep expertise in multi-cloud security architecture across AWS, Azure, and GCP - including cloud-native IAM, network security, workload identity, and cloud control plane security.
  • Strong command of secure SDLC practices, DevSecOps principles, and security-as-code tooling (OPA, Checkov, Semgrep, or equivalent).
  • Proficiency in container and Kubernetes security, secrets management, and infrastructure hardening.
  • Experience assessing and mitigating security risks associated with AI-enabled architectures, including LLMs, RAG pipelines, agentic systems, and third-party AI services.
  • Experience authoring security standards, reference architectures, threat models, architecture decision records, or equivalent governance artifacts.

Frameworks and Compliance

  • Working knowledge of SOC 2 Type II and ISO 27001 requirements and how they translate into architectural controls, or experience partnering with GRC teams to meet such requirements.
  • Familiarity with security frameworks including NIST CSF, OWASP, and CWE Top 25.
  • Experience conducting or facilitating threat modeling (STRIDE, PASTA, or equivalent).

Communication and Leadership

  • Ability to explain complex security architecture decisions and trade-offs clearly to both technical and non-technical audiences, including executive leadership.
  • Strong written communication skills for producing architecture blueprints, decision records, and security standards documentation.
  • A collaborative, low-ego approach: you build shared understanding and earn trust through expertise and consistency.

AI Mindset

  • You actively use AI tools in your daily work and can articulate where they help, where they introduce risk, and what guardrails you apply.
  • You understand the implications of non-human identity and agentic systems, and can apply practical governance strategies to reduce associated risk.

Education and Certifications

  • Bachelor's degree in Computer Science, Information Security, Engineering, or a related field, or equivalent practical experience.
  • Relevant certifications preferred: CISSP, CCSP, AWS Security Specialty, Azure Security Engineer, CSSLP, or SABSA.

Why work at Nasuni?     

As part of our commitment to your well-being, we are pleased to offer comprehensive benefits packages to employees across the US.  Benefits packages generally include:     

  • Best in class employee onboarding and training 
  • "Take What You Need" paid time off policy
  • Comprehensive health, dental and vision plans 
  • Company-paid life and disability insurance 
  • 401(k) and Roth IRA retirement plan 
  • Generous employee referral bonuses 
  • Flexible remote work policy 
  • 10 Paid Holidays 
  • Wide array of wellbeing offerings 
  • Pre-tax savings accounts with company contributions 
  • Great team culture and social activities 
  • Collaborative workspaces 
  • Free on-site fitness centers and stocked kitchens in select office locations 
  • Professional development resources 

Compensation Transparency: 

In accordance with U.S. pay transparency laws, Nasuni is committed to providing visibility into compensation for all U.S.-based roles. Click HERE to view our compensation ranges by job grade. Actual compensation will be based on a variety of factors, including a candidate’s experience, skills, education, and work location.

To all recruitment agencies: Nasuni does not accept agency resumes. Please do not forward resumes to our job boards, Nasuni employees or any other company location. Nasuni is not responsible for any fees related to unsolicited resumes.

Nasuni is an equal opportunity employer. The equal employment opportunity policy at Nasuni protects employees and job applicants from discrimination on the bases of race, religion, color, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors. These protections extend to all management practices and decisions, including recruitment and hiring practices, appraisal systems, promotions, and training and career development programs.


This privacy notice relates to information collected (whether online or offline) by Nasuni Corporation and our corporate affiliates (collectively, “Nasuni”) from or about you in your capacity as a Nasuni employee, independent contractor/service provider or as an applicant for an employment or contractor relationship with Nasuni. 


