Principal Engineer – Risk Management & Threat Modeling

About Us:

 

Proofpoint is a global leader in human- and agent-centric cybersecurity. We protect how people, data, and AI agents connect across email, cloud, and collaboration tools. Over 80 of the Fortune 100, 10,000 large enterprises, and millions of smaller organizations trust Proofpoint to stop threats, prevent data loss, and build resilience across their people and AI workflows. Our mission is simple: safeguard the digital world and empower people to work securely and confidently. Join us in our pursuit to defend data and protect people.

How We Work:

At Proofpoint you’ll be part of a global team that breaks barriers to redefine cybersecurity guided by our BRAVE core values: 

Bold in how we dream and innovate

Responsive to feedback, challenges and opportunities

Accountable for results and best in class outcomes

Visionary in future focused problem-solving

Exceptional in execution and impact

Location: Sunnyvale, CA
Department: Information Security
Reports To: Chief Information Security Officer (CISO)

Role Overview

Proofpoint is seeking a Principal Engineer – Risk Management & Threat Modeling to serve as one of the company’s most senior technical leaders for cybersecurity risk and security architecture analysis. This role combines deep technical expertise, strategic business influence, and cross-functional leadership to shape and mature Proofpoint’s enterprise cyber risk posture across corporate systems, cloud infrastructure, SaaS products, and AI-powered services.

As a Principal Engineer, you will establish technical direction for cyber risk assessment, threat modeling, and AI risk management capabilities. You will partner closely with Product Security, Engineering, Enterprise Architecture, and executive leadership to identify emerging threats, quantify business risk, and drive secure-by-design outcomes at scale.

This role is highly visible across the organization and requires the ability to translate complex technical and architectural risks into actionable guidance for executives, engineering teams, customers, and board stakeholders. A key focus area will be advancing Proofpoint’s security posture for AI-enabled products, agentic systems, and large language model (LLM) integrations while enabling innovation and business growth.

Key Responsibilities

Enterprise Cyber Risk Leadership

• Provide technical leadership for enterprise cyber risk management across corporate, cloud, and product environments.

• Define and evolve data-driven risk assessment methodologies using FAIR, NIST, and ISO frameworks.

• Establish measurable risk metrics, KRIs, and reporting that support executive decision-making.

• Partner with engineering, product, and business stakeholders to drive risk treatment and remediation.

• Serve as a senior technical authority for risk analysis and risk acceptance decisions.

Threat Modeling & Security Architecture

• Lead threat modeling for enterprise platforms, cloud-native architectures, SaaS applications, and customer-facing services.

• Define and scale threat modeling practices using STRIDE, PASTA, MITRE ATT&CK, and related methodologies.

• Identify attack surfaces, trust boundaries, and architectural weaknesses through analysis of distributed systems.

• Partner with Product Security and Engineering to integrate threat modeling into architecture reviews and the SDLC.

• Develop reusable threat models, reference architectures, and security design guidance.

AI & Agentic Security Risk

• Lead security assessments and threat modeling for AI-enabled products, LLM integrations, and agentic workflows.

• Identify attack surfaces, trust boundaries, and threats involving prompt injection, excessive agency, model compromise, training data poisoning, and data exposure.

• Partner with Product Security, Engineering, and Architecture to embed security throughout the AI development lifecycle.

• Evaluate risks associated with AI models, tool integrations, retrieval systems, and agent communications.

• Define measurable security requirements aligned with NIST AI RMF, ISO 42001, OWASP LLM Top 10, and MITRE ATLAS.

• Develop reusable AI security patterns and assessment methodologies that enable secure AI adoption.

Executive & Board-Level Risk Communication

• Develop data-driven, executive-ready risk narratives that clearly communicate technical risk in business terms.

• Support preparation of cyber risk briefings for the CISO, executive leadership team, Board of Directors, and Audit Committee.

• Present threat modeling findings, emerging risks, AI security concerns, and architectural risk trends to senior stakeholders.

• Provide strategic guidance regarding evolving threat landscapes and their potential business impact.

Technical Leadership & Influence

• Drive cybersecurity strategy and technical direction through influence rather than organizational authority.

• Mentor security architects, engineers, and technical leaders across the organization.

• Build scalable programs, frameworks, and repeatable processes that improve measurable security maturity.

• Foster a culture of secure-by-design engineering and data-driven, risk-informed decision making.

Qualifications

Required Qualifications

• Bachelor’s degree in Computer Science, Information Security, Engineering, or related field.

• 10+ years of cybersecurity experience in risk management, security architecture, product security, or cloud security.

• Expertise with NIST, FAIR, ISO, and quantitative risk assessment methodologies.

• Experience conducting threat modeling, risk analysis, and security assessments in enterprise and cloud environments.

• Strong understanding of AWS, Azure, GCP, and associated security risks.

• Experience securing AI/ML systems, LLM integrations, or agentic architectures.

• Strong analytical skills with the ability to derive actionable risk insights from technical data.

• Knowledge of MITRE ATT&CK and threat-informed defense methodologies.

• Excellent communication and influence skills across executive and technical audiences.

Preferred Qualifications

• Experience supporting FedRAMP authorization efforts and government compliance programs.

• Experience with AI governance programs and emerging AI security standards.

• Background in product security, application security, or secure software development.

• Experience supporting M&A cybersecurity due diligence and integration activities.

• Experience developing quantitative cyber risk programs using FAIR or similar methodologies.

• Relevant certifications such as CISSP, CRISC, CISM, CCSP, CGEIT, SABSA, or AI-focused security certifications.

Key Success Attributes

• Recognized technical authority in cyber risk management, threat modeling, and risk analytics.

• Strategic thinker who translates technical risk into measurable business impact.

• Strong executive presence with the ability to influence leaders across the organization.

• Data-driven and analytical, using evidence to prioritize risk and drive outcomes.

• Pragmatic and risk-focused, balancing security, innovation, and business agility.

• Effective collaborator who builds alignment through clear communication and partnership.

• Passion for solving complex security challenges in cloud, SaaS, AI, and agentic environments.

Why Proofpoint?

At Proofpoint, we believe that an exceptional career experience includes a comprehensive compensation and benefits package. Here are just a few reasons you’ll love working with us:

• Competitive compensation

• Comprehensive benefits

• Career success on your terms

• Flexible work environment

• Annual wellness and community outreach days

• Always on recognition for your contributions

• Global collaboration and networking opportunities

 

Our Culture:

Our culture is rooted in values that inspire belonging, empower purpose and drive success-every day, for everyone.

We encourage applications from individuals of all backgrounds, experiences, and perspectives. If you need accommodation during the application or interview process, please reach out to [email protected].

 

How to Apply

Interested? Submit your application along with any supporting information- we can’t wait to hear from you!

Consistent with Proofpoint values and applicable law, we provide the following information to promote pay transparency and equity. Our compensation reflects the cost of labor across several U.S. geographic markets, and we pay differently based on those defined markets as set out below. Pay within these ranges varies and depends on job-related knowledge, skills, and experience. The actual offer will be based on the individual candidate. The range provided may represent a candidate range and may not reflect the full range for an individual tenured employee. This role may be eligible for variable compensation and/or equity. We offer a competitive benefits package, including flexible time off, a comprehensive well-being program with two paid Wellbeing Days and two paid Volunteer Days per year, plus a three-week Work from Anywhere option.

Base Pay Ranges:

SF Bay Area, New York City Metro Area:

Base Pay Range: 200,300.00 - 293,810.00 USD

California (excludes SF Bay Area), Colorado, Connecticut, Illinois, Washington DC Metro, Maryland, Massachusetts, New Jersey, Texas, Washington, Virginia, and Alaska:

Base Pay Range: 167,300.00 - 245,355.00 USD

All other cities and states excluding those listed above:

Base Pay Range: 152,900.00 - 224,235.00 USD