Principal Engineer / Security

Year    KA, IN, India

Job Description

We are seeking a Principal Engineer - Security, a hands-on technical leader who will shape and drive the security architecture, engineering, and culture across Fyle's SaaS platform.


You'll work closely with backend, product, and DevOps teams to build secure, scalable, and compliant systems -- ensuring that every part of the product lifecycle, from design to deployment and operations, meets the highest standards of security and reliability.


You'll also collaborate with Sage's global security teams to align Fyle's systems with enterprise-grade security practices and compliance frameworks like SOC-2, ISO 27001, and PCI-DSS.


This role blends deep technical expertise, leadership in secure system design, and a strong sense of ownership in embedding a security-first mindset across the organization.






Key Responsibilities



Security Architecture & Partnership


- Act as the primary security champion for Fyle, working closely with Sage's Global Security team to define, interpret, adapt, and implement security best practices.


- Influence and guide engineering leaders in defining secure system boundaries, authentication models, and data protection strategies.


- Drive continual improvement of the secure software development lifecycle (SSDLC), embedding security in every stage of the build-deploy-operate loop.


- Serve as the main point of contact for security-related matters, facilitating communication and collaboration between Fyle and Global Security.






Culture & Capability Building


- Foster a strong, collaborative security culture by mentoring other Security Champions across the group and engineers across teams.


- Lead the evolution of the Security Champion programme within the Fyle engineering teams, making security an everyday practice.


- Mentor engineers and senior developers on secure design, code review, and incident response best practices.




DevSecOps & Secure Delivery


- Champion a DevSecOps approach that integrates security scanning, SAST/DAST, dependency management, and vulnerability detection into CI/CD pipelines.


- Ensure new releases are secure by design and that vulnerabilities in live systems are quickly identified and remediated.


- Identify, evaluate, and implement new security tools and vendors that enhance the overall security posture.


Governance & Compliance


- Collaborate with Sage's InfoSec and compliance teams to ensure Fyle meets or exceeds compliance requirements.


- Support audits and evidence collection for compliance certification and customer assurance programmes.


- Advise on policies around access control, secrets management, encryption, and incident management.




Innovation & External Impact


- Drive improvements in security-related standards, frameworks, and processes as a thought leader.


- Represent Fyle x Sage at security conferences, open-source projects, and industry forums aligned with our Global Security team.


- Stay ahead of emerging security trends and technologies, sharing insights with the wider engineering organisation.


Technical Skills & Experience


- Deep expertise in implementing security controls within cloud-native SaaS applications (AWS preferred).


- Proven experience in secure software development lifecycle (SSDLC) implementation.


- Familiarity with secure design principles across distributed systems, APIs, and data pipelines.


- Experience in security operations, incident response, and vulnerability management.


- Hands-on experience with tools for code scanning, dependency management, and runtime security (e.g., SonarQube, Snyk, Aqua, Prisma Cloud).


- Experience working in agile and DevSecOps environments with geographically distributed teams.


- Strong understanding of compliance frameworks such as SOC 2, ISO 27001, or PCI-DSS.


- Professional certifications such as CISSP, CSSLP, or AWS Certified Security Specialty preferred.


- Bachelor's or Master's degree in Computer Science, Information Security, or related field, with 8+ years of commercial experience.






Mindset & Values


- Security evangelist - brings a proactive, prevention-first mindset.


- System thinker - balances security rigor with developer velocity and user experience.


- Collaborative leader - builds trust and alignment across security, product, and engineering teams.


- Continuous learner - stays current with evolving threats, standards, and technologies.


- Teacher and mentor - raises the security awareness and capability of the entire engineering organization.


Impact Metrics


- Strengthened security posture and reduced vulnerability turnaround time across systems.


- Increased developer participation in the Security Champions program.


- Demonstrated compliance readiness and successful audit outcomes.








Job Detail

  • Job Id: JD4577529
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: KA, IN, India
  • Education: Not mentioned
  • Experience: Year