About the Hiring Team

Tencent Overseas IT has the mission to empower Tencent’s rapid global growth with future ready, global IT platforms, applications and services. We are chartered to lead the Overseas IT strategy, architecture, roadmap and execution. Satisfying our internal/external customers and becoming a world class global IT team are our top aspirations.

What the Role Entails

Tencent Overseas IT is committed to accelerating Tencent's international business growth and enabling its success through the deployment of cutting-edge technology platforms in IT services, cloud, security, and DevOps. As leaders in IT technology, we are responsible for defining and executing on Tencent's Overseas IT strategy, architecture, and roadmap. Our primary focus is to deliver exceptional value to satisfy the diverse needs of our internal and external customers, while striving to build a world-class global IT team.

Responsibilities

We're seeking a Principal Security Architect to drive the overall security architecture of Tencent overseas business. This role will work closely with foundation IT and Business teams to ensure compliance with security best practices, regulatory requirements, and internal policies. Key responsibilities include:

• Security Strategy and Planning: Defining and implementing the organization's security strategy, roadmaps, and long-term vision.
• Security Architecture Design: Developing and maintaining the overall security architecture, including defining security frameworks, standards, and controls.
• Incident Response: Participating in incident response activities, providing expertise in identifying, containing, and recovering from security incidents.
• Risk Management: Identifying and assessing security risks, developing mitigation strategies, and ensuring alignment with business objectives.
• Security Compliance: Ensuring compliance with relevant security regulations, industry standards (e.g., NIST, ISO 27001, HIPAA), and internal policies.

Who We Look For

Key Skills

• Security Architecture Design: Ability to design and implement secure and scalable architectures across various environments (e.g., cloud, containerized, on-premises), including developing and maintaining threat models and security reference architectures, with a strong emphasis on Zero Trust principles.
• Security Operations & Incident Response: Experience with Security Information & Event Management (SIEM) systems, vulnerability scanners, malware analysis, and handling security incidents. The ability to lead threat modeling activities and support penetration testing is also important.
• Networking: In-depth knowledge of networking principles, including routers, switches, firewalls, load balancers, and wireless devices, as well as network security protocols and technologies like VLANs, VPNs, IDS/IPS, and network segmentation.
• Cloud Security: Expertise in cloud security principles and technologies across major platforms like AWS, Azure, and GCP, including implementing security controls and best practices in cloud environments.
• Identity and Access Management (IAM): Strong understanding of enterprise IAM systems, including platforms like Okta, SailPoint, and Active Directory (AD), and the ability to implement and manage secure access controls based on the principle of least privilege.
• Data Protection: Knowledge of data protection methods like encryption, pseudonymization, and shuffling, and how to apply them effectively to safeguard against data corruption, compromise, and loss.
• Security Testing & Analysis: Experience in conducting penetration testing, vulnerability assessments, ethical hacking, and risk analysis to identify and mitigate security risks.
• Security Automation & DevSecOps: Hands-on experience with security automation tools and scripting languages (e.g., Python, Lambda, Terraform) to streamline security processes and embed security into CI/CD workflows and Infrastructure-as-Code (IaC) processes.
• Security Tools & Technologies: Proficiency in using various security tools and technologies, including SIEM platforms, XDR, cloud-native threat detection tools, vulnerability scanners, and encryption tools.
• Operating Systems: Experience with various operating systems, including Windows, Linux, and UNIX.
• Application Security: Experience in web application security, OWASP, API security, and secure design and testing.
• SaaS Security: Experience with SaaS permission management, experience with SSPM (SaaS Security Posture Management)
• AI for Security: real word experience with AI/LLM/Agentic for security, especially adopt LLM in SIEM rule, SOAR optimization.
• Scripting skills in Python, PowerShell or Bash

Qualifications

• Education: Typically, a master’s degree in computer science, Information Security, or a related technical field is required.
• Minimum of 10-12+ years of progressive experience in cybersecurity, including at least 5-7 years in a security architecture or senior-level engineering role.
• Experience securing workspace and key enterprise systems, including IAM, e-mail, DevSecOps, SaaS, and back-office systems.
• Essential soft skills: Analytical Thinking; Problem-Solving; Risk Management; Adaptability & Continuous Learning; Attention to Detail
• Experience working with remote, globally distributed teams
• Relevant certifications:
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• Certified Information Security Manager (CISM)
• AWS Certified Security – Specialty
• Other certifications like AWS Certified SA, Certified Ethical Hacker (CEH), CompTIA Security+, and GIAC Security Essentials Certification (GSEC) can also be beneficial.

Location State(s)

US-California-Palo Alto

The expected base pay range for this position in the location(s) listed above is $141,200.00 to $328,400.00 per year. Actual pay may vary depending on job-related knowledge, skills, and experience. Employees hired for this position may be eligible for a sign on payment, relocation package, and restricted stock units, which will be evaluated on a case-by-case basis. Subject to the terms and conditions of the plans in effect, hired applicants are also eligible for medical, dental, vision, life and disability benefits, and participation in the Company’s 401(k) plan. The Employee is also eligible for up to 15 to 25 days of vacation per year (depending on the employee’s tenure), up to 13 days of holidays throughout the calendar year, and up to 10 days of paid sick leave per year. Your benefits may be adjusted to reflect your location, employment status, duration of employment with the company, and position level. Benefits may also be pro-rated for those who start working during the calendar year.