Principal Security Architect

Tencent Overseas IT has the mission to empower Tencent’s rapid global growth with future ready, global IT platforms, applications and services. We are chartered to lead the Overseas IT strategy, architecture, roadmap and execution. Satisfying our internal/external customers and becoming a world class global IT team are our top aspirations. What the Role Entails Tencent Overseas IT is committed to accelerating Tencent's international business growth and enabling its success through the deployment of cutting‑edge technology platforms in IT services, cloud, security, and DevOps. As leaders in IT technology, we are responsible for defining and executing on Tencent's Overseas IT strategy, architecture, and roadmap. Our primary focus is to deliver exceptional value to satisfy the diverse needs of our internal and external customers, while striving to build a world‑class global IT team. Responsibilities We’re seeking a Principal Security Architect to drive the overall security architecture of Tencent overseas business. This role will work closely with foundation IT and Business teams to ensure compliance with security best practices, regulatory requirements, and internal policies. Key responsibilities include: Security Strategy and Planning: Defining and implementing the organization’s security strategy, roadmaps, and long‑term vision. Security Architecture Design: Developing and maintaining the overall security architecture, including defining security frameworks, standards, and controls. Incident Response: Participating in incident response activities, providing expertise in identifying, containing, and recovering from security incidents. Risk Management: Identifying and assessing security risks, developing mitigation strategies, and ensuring alignment with business objectives. Security Compliance: Ensuring compliance with relevant security regulations, industry standards (e.g., NIST, ISO 27001, HIPAA), and internal policies. Who We Look For Key Skills Security Architecture Design: Ability to design and implement secure and scalable architectures across various environments (e.g., cloud, containerized, on‑premises), including developing and maintaining threat models and security reference architectures, with a strong emphasis on Zero Trust principles. Security Operations & Incident Response: Experience with Security Information & Event Management (SIEM) systems, vulnerability scanners, malware analysis, and handling security incidents. The ability to lead threat modeling activities and support penetration testing is also important. Networking: In-depth knowledge of networking principles, including routers, switches, firewalls, load balancers, and wireless devices, as well as network security protocols and technologies like VLANs, VPNs, IDS/IPS, and network segmentation. Cloud Security: Expertise in cloud security principles and technologies across major platforms like AWS, Azure, and GCP, including implementing security controls and best practices in cloud environments. Identity and Access Management (IAM): Strong understanding of enterprise IAM systems, including platforms like Okta, SailPoint, and Active Directory (AD), and the ability to implement and manage secure access controls based on the principle of least privilege. Data Protection: Knowledge of data protection methods like encryption, pseudonymization, and shuffling, and how to apply them effectively to safeguard against data corruption, compromise, and loss. Security Testing & Analysis: Experience in conducting penetration testing, vulnerability assessments, ethical hacking, and risk analysis to identify and mitigate security risks. Security Automation & DevSecOps: Hands‑on experience with security automation tools and scripting languages (e.g., Python, Lambda, Terraform) to streamline security processes and embed security into CI/CD workflows and Infrastructure‑as‑Code (IaC) processes. Security Tools & Technologies: Proficiency in using various security tools and technologies, including SIEM platforms, XDR, cloud‑native threat detection tools, vulnerability scanners, and encryption tools. Operating Systems: Experience with various operating systems, including Windows, Linux, and UNIX. Application Security: Experience in web application security, OWASP, API security, and secure design and testing. SaaS Security: Experience with SaaS permission management, experience with SSPM (SaaS Security Posture Management) AI for Security: real word experience with AI/LLM/Agentic for security, especially adopt LLM in SIEM rule, SOAR optimization. Scripting skills in Python, PowerShell or Bash Qualifications • Education: Typically, a master’s degree in computer science, Information Security, or a related technical field is required. • Minimum of 10-12+ years of progressive experience in cybersecurity, including at least 5-7 years in a security architecture or senior‑level engineering role. • Experience securing workspace and key enterprise systems, including IAM, e‑mail, DevSecOps, SaaS, and back‑office systems. • Essential soft skills: Analytical Thinking; Problem‑Solving; Risk Management; Adaptability & Continuous Learning; Attention to Detail • Experience working with remote, globally distributed teams • Previous experience in the gaming industry is a plus. Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP) Certified Information Security Manager (CISM) AWS Certified Security – Specialty Other certifications like AWS Certified SA, Certified Ethical Hacker (CEH), CompTIA Security+, and GIAC Security Essentials Certification (GSEC) can also be beneficial. Equal Employment Opportunity at Tencent As an equal opportunity employer, we firmly believe that diverse voices fuel our innovation and allow us to better serve our users and the community. We foster an environment where every employee of Tencent feels supported and inspired to achieve individual and common goals. #J-18808-Ljbffr