Principal Security Engineer - Jeppesen ForeFlight

Key Responsibilities

• Define and own the security architecture for enterprise IT and SaaS services, aligning with business goals and regulatory requirements.
• Partner with engineering, infrastructure, and product security teams to embed security controls throughout the development lifecycle (DevSecOps).
• Conduct threat modeling, risk assessments, and security reviews for new and existing systems.
• Design and implement Identity and Access Management (IAM) solutions, including least‑privilege access and multi‑factor authentication.
• Establish and maintain compliance programs (e.g., ISO 27001, SOC 2) and drive continuous improvement of security posture.
• Measure security outcomes, produce metrics, and communicate findings to senior leadership.

Requirements

• 10+ years of experience in information security, with a focus on cloud environments (AWS preferred).
• Proven expertise in security architecture, threat modeling, and IAM design.
• Hands‑on experience implementing DevSecOps pipelines and automated security testing.
• Deep knowledge of compliance frameworks such as ISO 27001, SOC 2, and related audit processes.
• Strong communication skills and ability to influence cross‑functional teams without direct authority.