Principal Security Engineer
Jeppesen ForeFlight · Englewood, CO · 2 wk ago
HybridInformation Technology$180k–$220k/yrFull-time
Key Responsibilities
- Define and continuously evolve the enterprise security architecture across identity, endpoint, network, cloud (AWS/Azure), and SaaS.
- Produce explicit threat models for each tier; translate them into prioritized engineering roadmaps.
- Zero Trust & Identity. Design and oversee implementation of zero-trust access, IAM/PAM, MFA, and privileged credential management — with Okta and Entra ID as the primary platforms.
- Detection & Response. Lead technical response to high-severity incidents. Operate and mature EDR/XDR, SIEM, and DLP programs; drive post-incident hardening with measurable outcomes.
- Platform & Vendor Review. Evaluate and approve security designs for new platforms, SaaS integrations, infrastructure initiatives, and M&A activity before they reach production.
- Compliance Engineering. Partner with GRC on SOC 2, ISO 27001, and aviation-specific control requirements. Translate auditor findings and regulatory obligations into concrete engineering work — not policy binders.
- Technical Leadership. Mentor security and infrastructure engineers, raise the security bar in cross-functional architecture reviews, and serve as a credible peer to product security engineering leaders.
Basic Qualifications
- 10+ years in security engineering or architecture, including 3+ years as a principal architect or staff-level IC with demonstrated enterprise ownership.
- Understanding of security as it flows across environments such as data centers, Azure, AWS.
- Hands-on familiarity with IAM and VPC security.
- Proven experience with enterprise identity platforms (Okta, Entra ID/Azure AD) and modern detection tooling (EDR/XDR, SIEM, SOAR).
- Solid working knowledge of NIST CSF, ISO 27001, and SOC 2; familiarity with FAA/EASA, DoD, or CMMC contexts is a meaningful advantage.
- Track record of turning risk assessments and audit findings into shipped engineering improvements — not just recommendations.
- Strong communicator across audiences: equally comfortable whiteboarding with engineers and presenting risk posture to executives.
- Bachelor's in CS, engineering, or equivalent experience.
- CISSP, OSCP, or GIAC certifications are valued, not required.
Preferred Qualifications
- Experience in aviation, aerospace, defense, or other safety-critical software environments where the cost of a security failure extends beyond data.
- Hands-on experience integrating acquired companies onto a common enterprise security baseline — identity federation, endpoint standardization, and network segmentation.
- Familiarity with M&A security due diligence and post-close integration planning.
Pay
Pay is based upon candidate experience and qualifications, as well market and business considerations: Summary Pay Range: $180,000-$220,000