Principal Security Engineer Cloud Architecture & Compliance

This job is no longer accepting applications

  • Posted a month ago

Job Description

Your IT Future, Delivered.

Principal Security Engineer - Cloud Architecture & Compliance

With a global team of 5,600+ IT professionals, DHL IT Services connects people and keeps the global economy running by delivering secure, scalable, and sustainable digital solutions. We operate across borders, platforms, and cultures, building the technology backbone of the world's leading logistics company. All our offices are certified #GreatPlaceToWork, reflecting our commitment to exceptional employee experiences.

Digitalization. Simply delivered.

At DHL IT Services, cloud security is a strategic enabler. Our SPCS Cloud Security, Compliance & Resiliency team is expanding, and we are looking for a Principal Security Engineer to drive cloud security architecture, compliance, and operational excellence across Azure, Google Cloud Platform (GCP), and other public cloud environments.

This role combines hands-on technical depth, security architecture leadership, compliance governance, and day-to-day security operations. It is expected to evolve into a technical leadership / people management role, supporting team development, stakeholder engagement, and executive-level reporting.

Role Overview

As a Principal Security Engineer - Cloud Security Architecture, you will define, design, and govern secure cloud architectures across DHL Group cloud platforms. You will work closely with ITS teams, Business Units, architects, engineers, and external partners to ensure cloud environments are secure by design, compliant with DHL and regulatory requirements, and resilient against modern threats.

You will also play a key role in:

  • Developing cloud security standards, blueprints, and policies
  • Performing threat modeling, risk assessments, and architectural reviews
  • Supporting operational security activities and continuous compliance monitoring
  • Coaching and guiding engineers and, over time, leading a security engineering team

When cloud security challenges arise, you are the trusted expert, able to assess risk, propose pragmatic solutions, and drive remediation at scale.

Key Responsibilities:

Cloud Security Architecture & Design

  • Design and govern secure, scalable, and resilient cloud architectures across Azure, GCP, and AWS, including hybrid and multi-cloud environments.
  • Define cloud security reference architectures, patterns, and guardrails aligned with DHL security standards.
  • Design secure cloud networking, IAM, workload protection, and data protection architectures.
  • Apply Zero Trust principles and defense-in-depth across cloud platforms.
  • Review and approve cloud architecture designs from ITS and Business Units.

Hands-On Cloud Security Engineering

  • Develop and maintain Azure Policies, GCP Organization Policies, and landing zone blueprints.
  • Implement and tune CSPM and CWPP platforms (e.g., Prisma Cloud or equivalent), including cloud-native security services.
  • Secure container platforms and workloads (AKS, GKE, Kubernetes), including runtime protection.
  • Support Infrastructure-as-Code security (Terraform, ARM, CloudFormation).
  • Integrate cloud security controls with SIEM/XDR platforms.

Threat Modeling & Risk Management

  • Perform threat modeling for cloud architectures and cloud-native applications.
  • Identify attack vectors, security gaps, and misconfigurations across cloud environments.
  • Conduct risk assessments and define mitigation strategies aligned with DHL risk frameworks.
  • Address modern threat scenarios such as supply-chain attacks, API abuse, privilege escalation, and lateral movement in cloud environments.

Compliance, Governance & Audit

  • Design and enforce cloud security controls aligned with:
      ◦ ISO 27001, ISO 27017, ISO 27018
      ◦ NIST CSF, NIST 800-53 / 800-171
      ◦ CIS Benchmarks (Azure, GCP, AWS)
      ◦ GDPR, SOC 2, PCI-DSS (where applicable)
  • Support audit readiness, internal and external assessments, and continuous compliance monitoring.
  • Translate regulatory requirements into actionable cloud security controls.

Security Operations & Continuous Improvement

  • Support day-to-day cloud security operations, including incident response, vulnerability management, and exception handling.
  • Analyze security findings and drive remediation with platform and application owners.
  • Continuously improve cloud security posture and reduce attack surface across environments.

Leadership, Collaboration & Reporting

  • Act as a senior security advisor to architects, engineers, and business stakeholders.
  • Lead cross-functional security initiatives across ITS and Business Units.
  • Mentor and coach junior engineers and contribute to team capability building.
  • Prepare clear management and executive-level reports, dashboards, and risk summaries.
  • Contribute to strategic planning and roadmap definition for cloud security.

Required Skills & Experience:

Technical & Architectural Expertise

  • Strong hands-on experience with Azure and GCP security, plus exposure to AWS.
  • Proven experience designing enterprise-scale cloud security architectures.
  • Deep knowledge of:
      ◦ IAM (Azure AD / Entra ID, Google IAM, AWS IAM)
      ◦ Cloud networking and segmentation
      ◦ Container and Kubernetes security
      ◦ Data protection (encryption, KMS, HSM, CMKs)
      ◦ CSPM, CWPP, SIEM/XDR integrations

Threat & Risk

  • Practical experience with threat modeling methodologies.
  • Strong understanding of cloud attack techniques and mitigation strategies.

Automation & Engineering

  • Experience with automation and scripting (Python, PowerShell, Bash).
  • Familiarity with CI/CD security integration and security automation (SOAR).

Leadership & Soft Skills

  • Ability to explain complex security topics to technical and non-technical audiences.
  • Strong stakeholder management and collaboration skills.
  • Experience contributing to or leading teams in a global, multicultural environment.
  • Comfortable working under pressure and prioritizing effectively.

Certifications (Preferred)

  • Azure: AZ-500, AZ-305, or equivalent
  • Google Cloud: Professional Cloud Security Engineer or Architect
  • Cloud-agnostic: CCSP, CISSP
  • ISO 27001 Lead Implementer / Auditor (strong advantage)

Why This Role Matters

This role is critical to scaling DHL's cloud security capabilities, enabling secure cloud adoption, and ensuring compliance across a rapidly growing multi-cloud environment. You will have direct influence on architecture, standards, tooling, and how cloud security is implemented across DHL business entities globally.

An array of benefits for you:

  • Hybrid work arrangements to balance in-office collaboration and home flexibility.
  • Annual Leave: 42 days off apart from Public / National Holidays.
  • Medical Insurance: Self + Spouse + 2 children. An option to opt for Voluntary Parental Insurance (Parents / Parents-in-law) at a nominal premium covering pre-existing disease.
  • In House training programs: professional and technical training certifications.

About Company

DHL Aero Expreso S.A. is a cargo airline based out of Panama City, Panama. It is wholly owned by Deutsche Post World Net and operates the group's DHL-branded parcel and express services in Central and South America. Its main base is Tocumen International Airport, Panama City.

Job ID: 141205405