Job description
Principal Engineer / Security
We are seeking a Principal Engineer – Security, a hands-on technical leader who will shape and drive the security architecture, engineering, and culture across Fyle’s SaaS platform.
You’ll work closely with backend, product, and DevOps teams to build secure, scalable, and compliant systems — ensuring that every part of the product lifecycle, from design to deployment and operations, meets the highest standards of security and reliability.
You’ll also collaborate with Sage’s global security teams to align Fyle’s systems with enterprise-grade security practices and compliance frameworks like SOC-2, ISO 27001, and PCI-DSS.
This role blends deep technical expertise, leadership in secure system design, and a strong sense of ownership in embedding a security-first mindset across the organization.
Key Responsibilities:
Security Architecture & Partnership
• Act as the primary security champion for Fyle, working closely with Sage’s Global Security team to define, interpret, adapt, and implement security best practices.
• Influence and guide engineering leaders in defining secure system boundaries, authentication models, and data protection strategies.
• Drive continual improvement of the secure software development lifecycle (SSDLC), embedding security in every stage of the build–deploy–operate loop.
• Serve as the main point of contact for security-related matters, facilitating communication and collaboration between Fyle and Global Security.
Culture & Capability Building
• Foster a strong, collaborative security culture by mentoring other Security Champions across the group and engineers across teams.
• Lead the evolution of the Security Champion programme within the Fyle engineering teams, making security an everyday practice.
• Mentor engineers and senior developers on secure design, code review, and incident response best practices.
DevSecOps & Secure Delivery
• Champion a DevSecOps approach that integrates security scanning, SAST/DAST, dependency management, and vulnerability detection into CI/CD pipelines.
• Ensure new releases are secure by design and that vulnerabilities in live systems are quickly identified and remediated.
• Identify, evaluate, and implement new security tools and vendors that enhance the overall security posture.
Governance & Compliance
• Collaborate with Sage’s InfoSec and compliance teams to ensure Fyle meets or exceeds compliance requirements.
• Support audits and evidence collection for compliance certification and customer assurance programmes.
• Advise on policies around access control, secrets management, encryption, and incident management.
Innovation & External Impact
• Drive improvements in security-related standards, frameworks, and processes as a thought leader.
• Represent Fyle x Sage at security conferences, open-source projects, and industry forums, in alignment with our Global Security team.
• Stay ahead of emerging security trends and technologies, sharing insights with the wider engineering organisation.
Technical Skills & Experience
• Deep expertise in implementing security controls within cloud-native SaaS applications (AWS preferred).
• Proven experience in secure software development lifecycle (SSDLC) implementation.
• Familiarity with secure design principles across distributed systems, APIs, and data pipelines.
• Experience in security operations, incident response, and vulnerability management.
• Hands-on experience with tools for code scanning, dependency management, and runtime security (e.g., SonarQube, Snyk, Aqua, Prisma Cloud).
• Experience working in agile and DevSecOps environments with geographically distributed teams.
• Strong understanding of compliance frameworks such as SOC 2, ISO 27001, or PCI-DSS.
• Professional certifications such as CISSP, CSSLP, or AWS Certified Security Specialty preferred.
• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field, with 8+ years of commercial experience.
Mindset & Values
• Security evangelist – brings a proactive, prevention-first mindset.
• System thinker – balances security rigor with developer velocity and user experience.
• Collaborative leader – builds trust and alignment across security, product, and engineering teams.
• Continuous learner – stays current with evolving threats, standards, and technologies.
• Teacher and mentor – raises the security awareness and capability of the entire engineering organization.
Impact Metrics
• Strengthened security posture and reduced vulnerability turnaround time across systems.
• Increased developer participation in the Security Champions program.
• Demonstrated compliance readiness and successful audit outcomes.
Function:
Product Delivery
Country:
India
Office Location:
Bangalore
Work Place type:
Hybrid
Advert
Working at Sage means you’re supporting millions of small and medium sized businesses globally with technology to work faster and smarter.
We leverage the future of AI, meaning business owners spend less time doing routine tasks, like entering invoices and generating reports, and more time pursuing their ambitions.
Our colleagues are the best of the best.
It’s why we were awarded 2024 Best Places to Work by Glassdoor.
Because to achieve extraordinary outcomes, we need extraordinary teams.
This means infusing Sage with people who knock down barriers, continuously innovate, and want to experience their potential.
Learn more about working at Sage: sage.com/en-gb/company/careers/working-at-sage/
Watch a video about our culture: youtube.com/watch?v=qIoiCpZH-QE
We celebrate individuality and welcome you to join us if you embrace all backgrounds, identities, beliefs, and ways of working.
If you need support applying, reach out at careers@sage.com.
Learn more about DEI at Sage: sage.com/en-gb/company/careers/diversity-equity-and-inclusion/
Equal Employment Opportunity (EEO)
Sage is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities.
In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Sage will be based on merit, qualifications, and abilities.
Sage does not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, national origin, age, protected disability, veteran status, sexual orientation, gender identity, genetic information, or any other characteristic protected by applicable law.
Required Skill Profession
Other General