Principal Security Engineer
Indexed description
Role Overview – Principal, Security Engineer
As a Principal Security Engineer, you will serve as a senior technical authority responsible for owning and stewarding end‑to‑end security architecture across Coupang’s cloud, platform, and systems. This is a deeply technical, hands‑on role focused on designing, building, and operating high‑assurance security controls that run directly in production
environments.
You will define secure architectures, threat models, and guardrails for core platforms and GenAI systems, while partnering closely with engineering teams to embed security into shared infrastructure, frameworks, and services. This role combines first‑principles security engineering with large‑scale system design and organizational influence.
Key Responsibilities
Own End-to-End Security Architecture
- Define and steward security architecture across cloud infrastructure (AWS), identity systems, networking, data
- platforms, CI/CD, and AI/GenAI systems
- Act as the final technical authority for correctness, trust boundaries, scalability, and blast radius containment
- Ensure secure-by-design patterns are consistently applied across core and AI platforms
- Establish Canonical Threat Models
- Develop and maintain threat models across cloud, distributed systems, applications, APIs, identity flows, and
- CI/CD pipelines
- Define threat models for GenAI systems, including prompt injection, model misuse, agent abuse, and data
- exfiltration
- Translate threat models into enforceable architectural requirements and secure defaults
Lead Identity, Authentication, and Authorization Strategy
- Own enterprise IAM strategy covering humans, services, workloads, and AI agents
- Design service-to-service authentication, least-privilege models, and just-in-time access
- Ensure authorization systems are resilient, auditable, and safe under partial failure
Design and Build High-Assurance Security Controls
• Personally design and/or build security-critical systems such as:
- Authorization and policy engines
- Token issuance, validation, and rotation systems
- Secrets and key management
- Secure service meshes and ingress/egress controls
• Set the engineering bar for determinism, secure failure modes, and abuse resistance
Own Application and API Security at Scale
- Define secure design patterns for APIs, multitenant isolation, and authorization boundaries
- Prevent confused-deputy attacks, unsafe input handling, and boundary violations
- Ensure security is embedded into frameworks and shared libraries, not bolted on later
Secure Data, ML, and Model Lifecycles
- Own security for sensitive data and AI models, including classification, access control, encryption, and lineage
- Secure ML training, evaluation, deployment, and model versioning environments
- Prevent data leakage, unauthorized model access, and cross-tenant exposure
Build Deterministic Guardrails for GenAI and Agents
- Design enforceable guardrails that control model inputs, outputs, and tool invocation
- Separate control-plane authorization from model behavior
- Ensure policies are enforced outside the model, auditable, and fail safely
Drive Detection, Response, and Abuse Prevention
- Define detection and response strategies for identity abuse, lateral movement, CI/CD compromise, and AI
- misuse
- Focus on high-signal detection, explainability, and sustainable operations
- Ensure Security Reliability and Operational Excellence
- Treat security platforms as production infrastructure with SLOs and error budgets
- Design for partial trust failures across identity, KMS, and policy systems
- Ensure strong observability, incident readiness, and recovery capabilities
Multiply Impact Through Technical Leadership
- Mentor senior and staff engineers across security and platform teams
- Review high-risk designs and security-critical code paths
- Define company-wide standards, patterns, and reusable guardrails
Qualifications & Experience
Essential Experience
- Principal, Lead, or equivalent senior security engineering or architecture experience in complex, large-scale
- environments
- Proven ability to operate as both a strategic technical leader and hands-on engineer
- Deep experience with cloud platforms (AWS), distributed systems, and cloud-native security controls
- Demonstrated experience designing and/or building security controls for platforms, data systems, or AI/ML
- workloads
- Track record of shipping production security systems adopted by multiple teams
Preferred Experience
Experience securing GenAI systems, agents, or ML platforms at scale
Strong background in identity systems, authorization, and policy enforcement
Ability to influence architecture decisions across organizations through technical authority
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search