The Cloud Engineer is responsible for designing, implementing, automating, deploying and operating production grade services on a variety of cloud vendors and various infrastructure platforms for Smile Digital Health, its clients and partners. This position works with various teams to ensure that infrastructure needs are fulfilled for various teams and departments including but not limited to Information Services, Privacy & Security, Engineering, Product, Client Support and Delivery.

THE OPPORTUNITY We are looking for a Principal Security Architect to serve as the principal security architecture authority responsible for defining, governing, and evolving security architecture standards across Nasuni's SaaS platform and engineering organization. The Principal Security Architect will influence security outcomes across multiple engineering organizations and serve as a key partner to executive leadership in shaping the future security posture of Nasuni's cloud-native platform. This is a senior individual contributor role reporting directly to the CISO, with broad influence across product, engineering, and infrastructure teams. You will set architectural standards, lead complex security design efforts, define our DevSecOps and cloud-native security posture, and serve as a trusted partner to engineering and product leadership. This role serves as the final architecture authority for security design standards, security architecture reviews, and security exception recommendations, ensuring consistency across product and platform engineering initiatives. WHAT YOU WILL DO Define and Own Secure Cloud-Native Architecture - Design and enforce security reference architectures for Nasuni's multi-cloud SaaS platform across AWS, Azure, and GCP, covering areas like workload identity, network segmentation, tenant isolation, encryption standards, and blast radius containment. - Embed security controls directly into Infrastructure as Code, CI/CD pipelines, and cloud control planes using a security-as-code approach, making guardrails preventative by default, not detective after the fact. - Own the evolution of API security patterns, service-to-service authentication, secrets management, and authorization boundaries across our SaaS architecture. - Define and own lifecycle of security reference architectures, reusable security patterns, and architecture standards adopted across engineering teams. Lead Product and Application Security - Lead the security architecture review process, providing architectural guidance, governance decisions, and risk-based exception recommendations for critical engineering initiatives. - Partner with product and engineering teams as the authoritative security SME throughout the software development lifecycle, from design and threat modeling through code review, testing, and deployment. - Lead threat modeling and security design reviews for complex product features, API integrations, and infrastructure changes. - Drive consistency of SAST/DAST tooling, dependency scanning, and secure SDLC practices across engineering teams. - Define and govern application security standards including input validation, authentication, authorization, and data protection patterns. - Lead or oversee penetration testing programs and responsible vulnerability disclosure processes. Architect for AI Security and Governance - Design and review secure architectures for AI-enabled product capabilities, including LLM workflows, RAG pipelines, agentic systems, and Model Context Protocol integrations, with rigorous controls for tenant isolation, prompt safety, data ingestion, authorization boundaries, and output auditability. - Partner with Engineering, Product, Legal, and GRC teams to define governance controls for AI-enabled product capabilities and third-party AI technologies incorporated into Nasuni's SaaS platform. - Evaluate emerging AI-driven security capabilities and guide responsible adoption to strengthen detection, response, and secure development workflows. Own Cross-functional Security Efforts - Define and evolve Nasuni's long-term security architecture strategy, translating business, product, and technology objectives into scalable security capabilities and architectural roadmaps. - Provide final architectural guidance on security trade-offs involving platform scalability, customer experience, operational complexity, and risk tolerance. - Lead risk-based architecture trade-off discussions across security, privacy, usability, and delivery velocity — documenting decisions clearly so teams can move with confidence. - Institutionalize automated architecture assurance through policy-as-code, static analysis, and runtime controls that continuously validate Zero Trust principles and internal standards. - Serve as a trusted technical advisor to engineering leadership, translating complex security risk into actionable architectural guidance. Build Security Architecture Capability - Establish security architecture practices that scale across engineering organizations. - Mentor senior engineers and security practitioners in secure design and architectural thinking. - Create reusable standards, design patterns, threat models, and engineering guidance that improve security outcomes across multiple teams. - Raise architectural maturity through education, governance, and technical leadership. WHAT YOU WILL BRING Experience - Progressive experience in security engineering, architecture, or related technical disciplines. - Demonstrated experience in product security, application security, or platform security within a SaaS or cloud-native software company. - Track record of leading complex cross-functional security initiatives and influencing engineering culture without direct authority. - Demonstrated ownership of security architecture standards and governance processes used across multiple engineering teams or product organizations. Technical Depth - Deep expertise in multi-cloud security architecture across AWS, Azure, and GCP - including cloud-native IAM, network security, workload identity, and cloud control plane security. - Strong command of secure SDLC practices, DevSecOps principles, and security-as-code tooling (OPA, Checkov, Semgrep, or equivalent). - Proficiency in container and Kubernetes security, secrets management, and infrastructure hardening. - Experience assessing and mitigating security risks associated with AI-enabled architectures, including LLMs, RAG pipelines, agentic systems, and third-party AI services. - Experience authoring security standards, reference architectures, threat models, architecture decision records, or equivalent governance artifacts. Frameworks and Compliance - Working knowledge of SOC 2 Type II and ISO 27001 requirements and how they translate into architectural controls, or experience partnering with GRC teams to meet such requirements. - Familiarity with security frameworks including NIST CSF, OWASP, and CWE Top 25. - Experience conducting or facilitating threat modeling (STRIDE, PASTA, or equivalent). Communication and Leadership - Ability to explain complex security architecture decisions and trade-offs clearly to both technical and non-technical audiences, including executive leadership. - Strong written communication skills for producing architecture blueprints, decision records, and security standards documentation. - A collaborative, low-ego approach, you build shared understanding and earn trust through expertise and consistency. AI Mindset - You actively use AI tools in your daily work and can articulate where they help, where they introduce risk, and what guardrails you apply. - You understand the implications of non-human identity and agentic systems, and can apply practical governance strategies to reduce associated risk. Education and Certifications - Bachelor's degree in Computer Science, Information Security, Engineering, or a related field, or equivalent practical experience. - Relevant certifications preferred: CISSP, CCSP, AWS Security Specialty, Azure Security Engineer, CSSLP, or SABSA. Why work at Nasuni? As part of our commitment to your well-being, we are pleased to offer comprehensive benefits packages to employees across the US. Benefits packages generally include: - Best in class employee onboarding and training - "Take What You Need” paid time off policy - Comprehensive health, dental and vision plans - Company-paid life and disability insurance - 401(k) and Roth IRA retirement plan - Generous employee referral bonuses - Flexible remote work policy - 10 Paid Holidays - Wide array of wellbeing offerings - Pre-tax savings accounts with company contributions - Great team culture and social activities - Collaborative workspaces - Free on-site fitness centers and stocked kitchens in select office locations - Professional development resources Compensation Transparency: In accordance with U.S. pay transparency laws, Nasuni is committed to providing visibility into compensation for all U.S.-based roles. Click HERE to view our compensation ranges by job grade. Actual compensation will be based on a variety of factors, including a candidate’s experience, skills, education, and work location. To all recruitment agencies: Nasuni does not accept agency resumes. Please do not forward resumes to our job boards, Nasuni employees or any other company location. Nasuni is not responsible for any fees related to unsolicited resumes. Nasuni is an equal opportunity employer. The equal employment opportunity policy at Nasuni protects employees and job applicants from discrimination on the bases of race, religion, color, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors. These protections extend to all management practices and decisions, including recruitment and hiring practices, appraisal systems, promotions, and training and career development programs. This privacy notice relates to information collected (whether online or offline) by Nasuni Corporation and our corporate affiliates (collectively, “Nasuni”) from or about you in your capacity as a Nasuni employee, independent contractor/service provider or as an applicant for an employment or contractor relationship with Nasuni. This privacy notice relates to information collected (whether online or offline) by Nasuni Corporation and our corporate affiliates (collectively, “Nasuni”) from or about you in your capacity as a Nasuni employee, independent contractor/service provider or as an applicant for an employment or contractor relationship with Nasuni.

• Shape the cloud instead of just managing it: You design, migrate, and operate modern Microsoft 365 and Azure environments. • Master migrations: You develop appropriate migration paths and support their implementation. • Drive device management: Using Intune, Autopilot, and BYOD policies you ensure modern, standardized, and automated client environments. • Apply Security by Design: You ensure security and continuous improvement go hand in hand. • Advise and dive deep: In assessments, architecture workshops, and PoCs you work closely with Sales and Key Accounts.

Role Description For an international manufacturing environment, we are looking for an experienced Microsoft & Oracle License Expert to support the setup and optimization of Software Asset Management activities within ServiceNow SAM Pro. - The role focuses on licensing expertise, data requirements, SAM Pro configuration support, validation, and knowledge transfer to the internal team. - Provide deep expertise in Microsoft and Oracle licensing models, including metrics, rules, compliance requirements, and recent developments. - Guide the team in identifying the relevant data points required for effective license management within ServiceNow SAM Pro. - Advise on how to adapt SAM activities to the continuous evolution of Microsoft and Oracle licensing models. - Define configuration requirements for ServiceNow SAM Pro. - Validate the implementation through testing and ensure that required license data is accurately captured, available, and reliable. - Support the identification of software optimization and cost-saving opportunities. - Coach and upskill the internal team on licensing topics and practical license management approaches. - Translate licensing knowledge into actionable measures for compliance, optimization, and cost reduction. Qualifications - Strong expert-level knowledge of Microsoft licensing. - Strong expert-level knowledge of Oracle licensing. - Practical experience with Software Asset Management, ideally in larger enterprise environments. - Experience with ServiceNow SAM Pro or comparable SAM tools. - Ability to define data and configuration requirements for license management. - Experience in license compliance, optimization, and cost-saving initiatives. - Strong analytical and advisory skills. - Ability to coach and enable internal teams. - Very good English communication skills. Company Description PROSTAFF vermittelt und besetzt Informatik- und Data Science-Projekte in der Schweiz mit Freiberuflern, Freelancern, Contractors und temporären Mitarbeitern.