Technical Lead - Security Engineering

Job Summary

We are looking for an experienced security professional to join WSO2 as a Technical Lead - Security Engineering.

In this role, you will help shape the security architecture and engineering practices behind WSO2 products, cloud platforms, and internal services. You will provide technical leadership across application security, cloud security, and infrastructure security initiatives, working closely with other teams to identify risks, drive security improvements, and build secure-by-default systems.

This is a hands-on role that combines security architecture, technical leadership, customer engagement, and security engineering, with the opportunity to influence security across the organization and products used by customers worldwide.

Your Key Responsibilities:

• Provide technical leadership across application security, cloud security, and infrastructure security initiatives.
• Lead security architecture reviews, threat modeling exercises, and design discussions for products and services across WSO2.
• Partner with engineering teams to identify, prioritize, and address security risks throughout the software development lifecycle.
• Perform and guide security assessments, penetration testing, vulnerability analysis, and security investigations.
• Research emerging threats, vulnerabilities, attack techniques, and security technologies, and help drive improvements across the organization.
• Develop and evolve security engineering standards, secure development practices, and security best practices.
• Design and implement automation and tooling to improve the effectiveness and scalability of security operations.
• Support security incident investigations, root cause analysis, remediation efforts, and long-term security improvements.
• Engage directly with customers to address complex security questions, conduct architecture reviews, and support strategic customer engagements.
• Collaborate with product engineering, cloud operations, infrastructure, and architecture teams to embed security into engineering processes.
• Work with external security researchers and coordinate responsible disclosure activities.
• Support security-related customer questionnaires, RFIs, and technical due diligence activities.
• Mentor engineers and provide technical guidance across security initiatives throughout the organization.
• Contribute to security awareness, training, knowledge sharing, and security culture initiatives.
• Support organizational security and compliance initiatives by providing technical expertise and engineering guidance.

Qualifications, Skills and Relevant Experience:

• BSc in Computer Science/ Engineering/ Security, or equivalent with 6+ years of experience in security engineering, application security, cloud security, infrastructure security, or a related field.
• Strong understanding of application security, secure software design, common vulnerability classes, and secure engineering practices.
• Experience conducting threat modeling, security architecture reviews, security assessments, and penetration testing.
• Hands-on experience identifying, investigating, and remediating security vulnerabilities across applications, cloud environments, and infrastructure.
• Good understanding of cloud security, networking, authentication, authorization, cryptography, and distributed systems.
• Experience and passion for improving security through automation, tooling, and engineering-driven approaches.
• Excellent communication skills with the ability to collaborate with engineering teams, influence technical decisions, and engage with customers on security topics.
• Passion for security, continuous learning, technical leadership, and mentoring others.

Advantageous Certifications and Experience:

• Industry certifications such as OSCP, OSWE, CISSP, CCSK, or equivalent.
• Cloud security certifications from AWS, Azure, or GCP.
• Experience presenting at security conferences, community events, or technical meetups.
• Experience contributing to open source projects, security research, or published security content.
• Experience securing large-scale SaaS platforms, cloud-native environments, or developer platforms.