Serverless computing, exemplified by Function-as-a-Service (FaaS) platforms such as AWS Lambda, Azure Functions, and Google Cloud Functions, has revolutionized cloud-native application development by abstracting away infrastructure management and enabling event-driven, scalable architectures. Its promise of operational efficiency and cost-effectiveness has fueled widespread adoption across industries. However, this paradigm shift also introduces novel security challenges—ephemeral compute instances, event injection vulnerabilities, complex identity and access management (IAM), ins/ecure third-party dependencies, and limited observability—render traditional cloud security models insufficient. This paper critically examines the unique security risks inherent to serverless environments and explores architectural shifts required to build "secure-by-design" serverless applications. Through a combination of theoretical analysis, provider-specific comparisons, and empirical case studies, we evaluate security parameters including attack surface, privilege boundaries, and runtime isolation. The research proposes a layered security model incorporating Zero Trust principles, micro-isolation at the function level, secure defaults, and behavior-based runtime monitoring. Our findings demonstrate that while serverless models challenge conventional security practices, a deliberate reengineering of cloud architecture can achieve both agility and resilience. The study outlines best practices and reference architectures that integrate cloud-native security frameworks from the ground up. These insights contribute to the evolving discourse on secure cloud engineering and provide actionable guidelines for developers, architects, and cloud providers committed to advancing secure serverless ecosystems.